Many public applications completely automate the registration and provisioning process because the size of the user base makes it impossible to manage manually.
However, many corporate applications will provision users manually, so this test case may not apply.
In the Word Press example below, the only identification requirement is an email address that is accessible to the registrant.
In contrast, in the Google example below the identification requirements include name, date of birth, country, mobile phone number, email address and CAPTCHA response.
For example, nickname is in the database but first_name and last_name are not (as of 3.9.1).
The password has already been encrypted when this action is triggered.
Typically, this hook is used for saving additional user meta passed by custom registration forms.
While only two of these can be verified (email address and mobile number), the identification requirements are stricter than Word Press.
A HTTP proxy can be a useful tool to test this control.