If you use a third-party service for your email ID, the third party can ban you or, like you mention, disappear and basically take your identity away.
If you rely on national ID cards, you have another set of problems.
If you rely on phone numbers, these can be SIM-jacked.
If you rely on bio-authentication methods, you risk your privacy especially when the master database gets compromised.
Relying on any single source seems to be a recipe for disaster. Perhaps the solution is to have multiple ways to authenticate yourself, with different levels of credibility and to let as many of them survive as possible. Phone numbers and email IDs seem to have similar levels of credibility, but I haven't seen domain name service providers take to phone number authentication as much as I would have liked, but things are looking up. Alternatives could be backup codes, which some registrars use if you have 2FA enabled.
I think the usual suggestion is a public/private keypair. You then sign accounts saying they are yours.
This would also allow you to have multiple identities in cases where that is useful.
I've heard of various groups doing this under blockchain (of course) which is a way to solve the problem of publishing the details, but in many cases you don't really need that. It should be enough to make a key and get involved, like Bitcoin.
The issue of course is that if you lose the key(s) you have a major problem, whether they're just lost or stolen. This is probably solved with MFA but it's not a solution if that opens up other attacks.
For me, email has much more credibility than phone numbers.
The email market has worldwide competition; phone providers compete at a local level only. You can choose from thousands of different email providers, while phone provider choices for any given person are ~5.
The effective 'god' of domain names is IANA, which, while imperfect, is more trustworthy than the 'gods' of phone numbers: local governments and telcos.
>If you rely on bio-authentication methods, you risk your privacy especially when the master database gets compromised.
It's my understanding that these methods (TouchID, FaceID) don't actually store your thumbprints or images of your face; rather, they store hashes of the output. Similar to how passwords should never be stored in plain text.
It's more than a hash since it needs to be able to match similar inputs (face at different angle, partially obscured). It's probably just a bunch of raw measurements but not actually a photo of your face.
The upside is it's only stored on the device itself and not in a master database and also isn't used for any remote authentication so can't be exploited by hackers over the internet.
Rounding drastically reduces the search space of possible values. A cryptographic hash is no good if you know that the original message can only take on a finite set of values that can easily be enumerated.
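An added illustration of the rounding point in the comment above (not code from any commenter, and not a description of how TouchID or FaceID work): rounding lets two noisy readings hash to the same value, but it also shrinks the input space so much that the hash can be matched by enumeration. The feature count, bucket count and sample readings are constructed assumptions.

```python
import hashlib
import itertools
import math

LEVELS = 16    # assumption: each measurement is rounded into one of 16 buckets
FEATURES = 3   # assumption: a template consists of 3 such measurements


def quantize(raw, lo=0.0, hi=1.0, levels=LEVELS):
    """Round raw measurements in [lo, hi] down to integer bucket indices."""
    step = (hi - lo) / levels
    return tuple(min(levels - 1, int((x - lo) / step)) for x in raw)


def template_hash(buckets):
    """Unsalted SHA-256 over the rounded template."""
    return hashlib.sha256(bytes(buckets)).hexdigest()


def search_space_bits(features=FEATURES, levels=LEVELS):
    """Entropy ceiling of a rounded template, in bits."""
    return features * math.log2(levels)


def recover_by_enumeration(target_hash, features=FEATURES, levels=LEVELS):
    """Walk every possible rounded template until one hashes to the target."""
    space = itertools.product(range(levels), repeat=features)
    for tries, candidate in enumerate(space, 1):
        if template_hash(candidate) == target_hash:
            return candidate, tries
    return None, levels ** features


# Constructed sample data: two noisy readings of the same source.
READING_A = (0.412, 0.873, 0.129)
READING_B = (0.420, 0.869, 0.135)

if __name__ == "__main__":
    stored = template_hash(quantize(READING_A))
    # Rounding makes the second reading match the stored hash...
    print("readings match:", template_hash(quantize(READING_B)) == stored)
    # ...but the whole input space is only 16**3 = 4096 templates.
    print("search space: %.0f bits" % search_space_bits())
    print("recovered:", recover_by_enumeration(stored))
```

A salt does not change this when the salt is stored beside the hash; only a larger input space or a secret key that never leaves protected hardware does.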
The problem is that every new source of identity added is another new attack vector. If there are 10 different ways for me to prove I am who I say I am, it only takes a security flaw in one for my account to be compromised.