Service Providers Are Risking Security for User Retention
bankinfosecurity
Bell Labs' Siddharth Rao on the Need for Stronger Safeguards in Account Recovery
Michael Novinson (MichaelNovinson) • August 12, 2025

Service providers often sacrifice security in account recovery to keep users on their platforms. Siddharth Rao, senior security research scientist at Nokia Bell Labs, said this approach leaves systems vulnerable because usability is prioritized over robust safeguards. The trade-off may help retain customers but creates weak points for exploitation.
One major risk comes from relying on out-of-band channels such as email or SMS for recovery. These are outside the provider's control and can be compromised without detection. Rao said providers often fail to apply the same strict password policies to recovery as they do during account creation, leaving recovery flows easier to exploit.
"There are two aspects to this. One is overly strict security policies, and the other aspect is the ...