The author of the article conducted research by calling 35 different customer support phone numbers to understand how companies authenticate users over the phone. The study found that most companies use simple methods such as automated systems, phone number verification, and manual identification with agents, but few use more secure authentication methods like one-time passcodes or voice recognition. The author notes that many of these methods are insufficient, allowing for phishing attacks and unauthorized access to accounts. To improve security, the author recommends matching the rigor of web authentication, using strong authentication methods like SMS one-time passcodes, voice recognition, and hybrid platform security, building guardrails for agents, and considering a threat model. The article concludes that while there is no perfect solution, it has sparked ideas for increasing security in over-the-phone authentication systems.