How to allow login of user through mobile number?

Any considerations on this now @sam @Falco?

We are building an online community for mothers. We currently run our community over WhatsApp groups and intend to migrate the same to discourse. Most of our users don’t have an email id for sure.

Just like we enter SMTP creds, you could allow the forum owners to take the burden for SMS keys as well. Maybe allow a webhook based integration to start with?

1 Like

I don’t know these specific markets, but someone having a smartphone with a phone number can create an email address extremely easily. He would just have to install Gmail or any other equivalent app, or register on one of the many free webmail providers.

Registering on YOUR forum can’t possibly be the only place they would need an email address, or is it? Does it really make sense to adapt your forum rather than advise them to actually create an email?

(Sure, it would be a nice additional option, but on top of that, SMS sending isn’t usually free… And quite more expensive than emails even if you’re paying to send your emails)

1 Like

Looks like what the plugin mentioned a few posts above does?

AFAIK that plugin was abandoned?

1 Like

Many ecommerce providers in Asia require login by mobile (only) number these days.

In fact, the trend for the “retails, casual young, users” is not to use email. For example, my wife does not use email or a computer other than her iPhone and she considers email a kind of “relic of the past” (like a vacuum tube in electronics) and she refuses to own a computer (I even gave her a MacBook Air) because she says she can do everything she needs with her iPhone and she prefers small devices (and she is not a developer!)

Hence, when someone says … “(they) can create an email address extremely easily” this is overlooking the fact that for a growing segment of the “youth market”, this market segment just does not want to use email; and they don’t use email. Email is quickly becoming a relic of the past for a large segment of the market (the younger generation).

Hence, logging in with a mobile number where the site sends a OTP via SMS is becoming more common here than logging in with email and password (by far) with most new ecommerce providers in Asia.

Have not analyzed it fully yet, but on the surface it seems to be the mobile number is the user name (or in some cases the mobile number may be an alias for the user name); and of course the confirmations and validations are all SMS messages to the same mobile number. Again, this is the norm in my neck of the global woods.

It’s basically the same as “user name and password” but instead of a password, the ecommerce site sends a six or seven digit code via SMS to the mobile number and that is used as the login credential (like a one-time password). Here, providers consider this more secure, which is basically defaulting to 2FA using mobile; bypassing email completely. No mobile, no login, basically.

For example, I buy a lot of goods on Shopee and the login is my mobile number (even on desktop) and it is confirmed by a six digit OTP sent via SMS to my mobile. This is the standard here in the part of the world which I live.

Hope this helps.

3 Likes

So, this “size doesn’t matter” is indeed a lie :rofl:

I understood how it works, technically. No problem about that.
After, is this trend really a demand from consumers, or pushed by providers? (and consumers are believing it’s what they want afterwards). Like mobile apps, I find there are more advantages for providers than for consumers.

I guess with phone numbers, it’s easier to identify people and to prevent sockpuppets and such. Someone banned will have a harder time creating alternate profiles, etc. So, I can see the advantages provider-side. Consumer-side, not that much. Even less than for mobile apps (where there are some). Especially as you can install an app on your phone which will popup a notice when you receive an email, the same way than when you receive a SMS. I don’t see what advantage SMS brings to consumers over email, except psychologically maybe, but even there, I have a pretty hard time to really understand the logic.

I don’t know how it works in Asia, but in most of Europe, you can’t have a phone number without giving an ID. In the US, I am under the impression it’s becoming increasingly hard to get a basic “pay as you go” sim card where you can receive calls, with no monthly costs (where you would only pay “as you go” when you make calls/send SMS). I see that most providers seem to now push for monthly “plans”, even if still prepaid. All this compared with something pretty free and which can be created with no or little privacy concerns (I’m talking about email, of course). SMS length is also quite limited when you want to send a message.

I don’t see either the logic in not wanting an email address or not having one, for just when you need one. Is it easier for your wife to have one to give when asked or to have to answer each time that you don’t have one (knowing that it will block you sometimes). I can understand not wanting a phone or a credit card. This often has costs and can track you. I can perfectly understand not wanting a computer and managing everything with your smartphone. This actually makes a lot of sense to me (you may try to propose to her to connect an external keyboard, mouse and screen for when she’s inside the house, but it may not interest her).

Anyway, i don’t know. That businesses want people to use their phone numbers, I totally understand. I would be pretty much against it, personally (from a user POV). That people got used to this way of doing, I can also understand. That people have a problem creating an email address, here it becomes difficult.

As for allowing people to do this if it isn’t your own goal, I’m not convinced. Sure, more options are probably good. But in the end, it doesn’t seem easier to me nor to really bring any advantage. I can take the point that “it’s the trend” and why “fight” it rather than “go along” with it. But still (and here, it needs some development to enable its use).

PS: “Email is quickly becoming a relic of the past for a large segment of the market (the younger generation).” Why not, but compared to SMS!? Please. SMS is for sure as much a “relic of the past”, if not far more.

1 Like

Yes, my experience is that for people who reside in Europe or the US, it is very difficult to understand Asia, in general. Asia is on the rise both technically and economically; something most western countries seem to fear rather than embrace. The ecommerce here before was way behind eBay and Amazon, but not anymore. There are much better ecommerce choices in Asia now. All of this ecommerce in Asia (at least the part where I live) is fully mobile-centric; built for mobile.

That’s is normally because you are in Europe :). You think like a European :slight_smile: That’s normal for people who tend to spend their life (especially work life) on a single continent (the vast majority of people, BTW).

Asia was slow to move commerce to the Internet; but that is all behind Asia now; and now Asia is a huge force on the Internet, much more than people who do not live here can begin to imagine. When I first moved here from the US nearly 15 years ago, I had to buy all my stuff from eBay and Amazon and ship it here. Those days are far, far gone; and we have great ecommerce here now. I never buy anything from eBay or Amazon and have not for many years. Asia is rockin’ now with ecommerce and it is actually more advanced than in the “West”, to be frank.

Sending a six or seven digit one time PIN via SMS is not very limiting and this technology is not going away soon because it is free for all who have basic mobile service here. SMS is great for OTP and PINs and this is not going to change in Asia. Asia is mobile-number for logins with SMS OTPs to authenticate. That is not going to change anytime into the foreseeable future in this part of the world. SMS-based OTPs are actually quite good; and as you know, many big US tech firm (Facebook for example), sends their 2FA PINs via SMS as well.

Not really. You are thinking of SMS in terms of text messaging; but I am taking about only SMS for OTPs which are normally 6 or 7 digits only. This is a niche market for SMS.

That is because you are commenting from your perspective. Of course it does make sense to you; but it make perfectly good sense to all those who do not use it.

LOL. She is a young, savvy, mobile user and will always be a mobile user. No keyboard, mice or other rodent, I am sure!

3 Likes

Yes, I was thinking of users sending messages. That’s not the use we’re talking here. Point taken. Same for thinking from my own POV.

So, you’re saying you need to have a registration/login by phone number instead of email if you target the Asian market? As illogical or irrational it may seem to us Westerners? (seems to be the same logic for Africa according to above comments). And “they can just setup easily an email address for free” isn’t the good way a viewing this? (they don’t want and won’t, even if that email address would probably come handy on occasion).

Also, Discourse emailing posts where you are cited or quoted, that’s not something you will do with SMS. But you’ll argue they are not interested by this kind of thing?

I am not arguing. I am only explaining to you that most of Asia (the parts of this vast region I am familiar with living here for over 15 years) are using mobile phone numbers for login and SMS for the OTP (pin) to validate login; because the culture is “mobile, mobile, mobile”.

Regarding email notification; you are correct that email notification is not important in Asia, in general because the culture is mobile. With mobile, you can be notified on your mobile phone and there is zero need for email.

If you are talking “digests”, well if the majority of the users (of a particular culture) are not into email so much (which they are not in the part of Asia I am very familiar with) they are not going to read email digests, of course.

Asia Internet users tend to be younger, mobile savvy users. Email is not required for users at all, for the most part; it’s a “relic” of the past.

I understand that many people from Western cultures do not fully understand this; because they live in a different culture; an “email-based” culture. However, this is not the culture in many parts of the world, especially in Asia with young, mobile savvy Asian users.

OBTW, I was not relating my personal feelings or opinions on this topic. I’m only trying to explain that email is not popular nor important in many parts of the world, especially with young, mobile-focused users.

3 Likes

Jeff, just for information, if you look the above message, NoBugsBunny just edited it because he noticed he forgot a “to”. That’s it. And when he added it, it bumped the topic on latest for no good reason, and funny thing, it sent me a notification again (the first [normal] time because he answered to me, and because of the edit, it sent me a notification again “officially” because he quoted me).

It’s not very important, but (for information) that was the kind of justification behind the “no bump” topic
(Note: What I described is what happened after his first edit, before the second one)

Sounds like a bug, then. Different issue, hardly a sweeping justification for whatever it is you’re trying to say here.

Just to clarify, the request for SMS integration is purely for the login/auth purposes and not for all messaging via discourse. I intend to implement SSO with my own website where we have a mobile number based login only (no email).

With all due respect, most new age products that are coming out of India are going for the mobile number based auth. Mobile internet in India is super cheap and a huge segment of the population got on the smartphones with the internet because of WhatsApp and Facebook (both of which by the way don’t force people to create emails).

Please don’t assume that they can easily create an email and that they’d need it anyway, they won’t as one can use the entire suite of banking applications, fintech, mobile wallets, social networks, news, etc all with just mobile numbers.

Forum owners might miss out on a huge segment of users who’d simply drop of because they either did not have an email and maybe forgot the password for their email.

5 Likes

As it stands, to the best of my knowledge, none of our paying customers asked for this feature.

This is not an attempt to diminish it, but to build this you need to be able to talk to an SMS gateway, also you would need to decide of what level of cadence to use to bug people over SMS for notifications, simplest option being … never.

A plugin can certainly be built, we would simply play pretend with emails, if we had a paying enterprise customer asking for it, we would consider building it. As it stands there simply is not demand from our customers.

6 Likes

Well said.

@sam outlines a nice opportunity for an important plugin for Asian users as well as his rationale for not including it in core at this time.

Because reliable SMS gateways are generally commercial, this plugin could evolve into a profitable commercial plugin for an inspiring plugin developer.

Maybe this is the kind of opportunity @angus and Pavilion, or another Discourse commercial plugin developer, would like to add to their portfolio?

Yes, living in SE Asia for 15 years, I totally understand this! All of these services have moved, or are moving, to mobile login with SMS OTP.

Maybe you, @Mohit_Jindal could create a “Fund Me” campaign and fund a plugin developer to develop this plugin?

4 Likes

I disagree with the first part of this sentence. If they have a smartphone, they CAN. Duly noted for the second part. I can understand they don’t want to, and probably won’t for just ONE forum which doesn’t accept their mobile number and the way they’re used to.

Sure, I quite understood the “Asian” situation with NoBugsBunny’s explanations above. But your additional ones are welcome, and confirm what he’s saying. You would indeed need the plugin which has been discussed earlier (and unfortunately hasn’t been developed… yet)

Fair point @Mevo, I just wanted to highlight that it is not true that if something is easy to do, someone would do it :slight_smile:

Anyway, thanks to everyone for your inputs. I might just implement SSO with my own platform, validate phone numbers there using SMS, and send a “pretend” email like @example.com to discourse so that it doesn’t break. :+1:

I understand by doing this I will miss a lot of features like a reply to post etc, but I think that is okay and I hope power users can come and update their emails if needed themselves.

3 Likes

@Mohit_Jindal and @neounix : This is a little besides the point, but I couldn’t help myself to think just about this thing. A mobile phone number is NOT free. I guess even in India, or Asia as a whole, you cannot keep a phone number over time without having to pay something. Even if it is just topping up an account, but with money you can’t get out, so money you’re forced to spend with the phone sonner or later (you usually lose it anyway at one point if you don’t spend it).

If at one point you want or need to change your phone number (you lose it for any reason, you move abroad, you were harassed, or whatever, I don’t know), you can’t just “keep it” and take a new one additionally, like you would do with email. Because you always have a COST associated with keeping that number. Imagine if you now live in another country, you don’t have much use of your old phone number. Ok, you can always tell me that you just have to CHANGE it on every service you’re registered to, but you have to do this, and probably do it while you have access to the TWO numbers (old and new). What happens if you forget a few and don’t have access anymore to the number you registered with?

It still doesn’t make sense to me to use something necessarily COSTING something to users, rather than something with more functionalities (messaging, receiving long texts, etc) which can be kept indefinitely for FREE. On the other hand, using phone numbers will also probably be more expensive for forum admins because of the cost of sending SMS.

And, just out of curiosity, how does it work when a user logs out? You need to send him again a SMS each time he wants to log in again!? Is that how it works? Knowing there are costs for each SMS sent.

At least an app like 2FA which generates a temporary number if you don’t want to bother with passwords, I can understand, but constantly sending SMS!? (if it indeed works like this) Is this a conspiracy from Asian mobile providers or what? :rofl:

Maybe you should both start to educate people about the benefits of email :wink: (it’s half a joke, but I’m also half serious)

(Note: I fully understand all the “it’s the way it works here” part. But is it really logical? Maybe that’s a silly question, but still. The question of continuing something silly or trying to propose an alternative exists. You even currently have a problem of how to join the silliness. Or I may have misunderstood how this system works)

EDIT: I guess there is still a password. The phone number only replaces the email, not the password. That must be the explanation… And yeah, then it makes already more sense :wink: It’s my premises which were false…

Oh, I have NOTHING against Asia :wink: If I find out this thing is actually better, I’m not against trying to copy it :+1:

It’s all about understanding things, or trying to, at least. Keeping an open mind, being open about how others do things, and doing the best of what’s out there (doesn’t mean that what doesn’t exist can’t be invented/implemented).

I don’t care about which region it comes from. I really only care about ARGUMENTS. If that makes sense.

But anyway, I was initially under the impression that all the phone thing allowed you to get rid of passwords. This is NOT the case, or is it?

EDIT: Additionally, how do people communicate between themselves? They use services like Facebook, Whatsapp or others? Because this means they can only communicate with people actually being on the SAME service, right? One advantage of email is that it’s quite UNIVERSAL. Anybody with an email from any provider can send/receive emails to/from anybody with an email from any (other) provider. Note: I’m not implying the way to do is bad, just curious of how they actually do, that’s all.

Why can’t you just have it use the default sms or mms email associated with the given provider?

I know almost nearly every us number has one but idk about other countries

1 Like

Note: Choose a .invalid domain, not example.com.

4 Likes