[gruez]

Given that the gp was talking about victims being "SIM swapped", I strongly suspect he's referring to the classic sim swap attack where you sim swap, then use the newly registered sim to receive a password reset code. If it just involves discovering your phone number, you wouldn't need to sim swap at all.

>The gp proposes a different "private identification string" that's not public. Public IDs such as "email address" or "phone number" are susceptible to what this article is talking about.

This is a non-starter for the general public. If they can barely remember their password what are the chances they'll remember a "private identification string" or whatever?