Meta is wrong.<p>If you're using an authentication/identity scheme, then it's your problem if that scheme presents a security problem. Whether or not the technical roots of the security problem is your doing is irrelevant. You chose that method, and so are responsible for how well that method works.<p>Particularly if that method depends on an obviously untrustworthy thing such as being dependent on a phone number.