Just today a delivery service wanted to send an SMS to validate my phone number, so I was forced to use a mobile phone number rather than landline. Landline often makes more sense, because usually they'd call to reach someone in the household the item is being delivered to, not a specific person. Other delivery services require a landline number, which sucks for people who don't have one.
Some services limit you to one account per phone number. Not only are there 5 numbers that route to my card (probably common given that this was a local provider's standard offering some time ago), once I even got a one-time token for some account a previous owner of a number was apparently trying to reset. It helpfully informed me which service it was for, so I could have likely used the fact that I now control that number to take over their account.
Using phone numbers for 2FA/account resets is worse than e-mail, even ignoring the fact how vulnerable telephone networks are to spoofing/intercepts.
The "Falsehoods Programmers Believe about ..." series is well worth reading every six months or so.
Invariably you forget one of the pitfalls.
The things that annoys me about "Falsehoods Programmers Believe about Email Addresses" is that one person can have several email addresses, or use one email address for several different uses, so using an email address as a login to a website account can get really, really messy.
> In New Zealand, non-urgent traffic incidents can be reported by calling *555 from a mobile phone. Alpha characters may also be used in phone numbers, such as in 1-800-Flowers.
Is this true? Do carriers actually accept [a-zA-Z] in their phone numbers? (if so, how are they encoded?). I couldn't find any reference to this elsewhere.
I had assumed that advertisement-numbers like `1-800-Flowers` had to be translated by a person when they entered the number on their phone via their keypad.
Given the context `Falsehoods Programmers Believe`, I think it is referring to how one validates a number submitted from a form (but maybe there are devices like this?). So, if a flowers company signs up and wants to list their number as 1-800-Flowers they would get a validation error on many sites.
When I'm interviewing, I'll usually start with something simple with an input that is a phone number and the first 'questionable' input I'll hand them is 1-800-FLOWERS and ask how they are handling it. There are a lot of interesting edge cases with phone numbers. None super tricky , but it makes for an interesting first set of how someone thinks
1-800-FLOWERS is not a phone number. The phone number is 1-800-356-9377. FLOWERS is just a mnemonic device called a phone word (https://en.wikipedia.org/wiki/Phoneword).
Maybe the document should be called falsehoods programmers believe about what people will provide when asked for their phone number.
KLondike-5 is really just 555. Those old exchange names were made up from the exchange's assigned numeric digits. That's why both the K and the L are capitalized, and why e.g. ACademy, BAldwin, and CAnal were all the same exchange. Probably still a better example than 1-800-FLOWERS though.
Some services limit you to one account per phone number. Not only are there 5 numbers that route to my card (probably common given that this was a local provider's standard offering some time ago), once I even got a one-time token for some account a previous owner of a number was apparently trying to reset. It helpfully informed me which service it was for, so I could have likely used the fact that I now control that number to take over their account.
Using phone numbers for 2FA/account resets is worse than e-mail, even ignoring the fact how vulnerable telephone networks are to spoofing/intercepts.