In this case, the solution is easy. The user most likely already has an account, so just ask for the account password. If the users claims they lost the password, then do a classic password recovery via email.
Of course it's tricky for organizations storing data about users without an account. (eg. Facebook or Google, not sure how they could handle that at all, even with government ids)
Of course it's tricky for organizations storing data about users without an account. (eg. Facebook or Google, not sure how they could handle that at all, even with government ids)