How to allow login of user through mobile number?

Something I’ve never ever considered since this very discussion: Why are all services even asking for an email in the first place?

If you get rid of all the notifications or other usages (what was considered here) and if you don’t consider all the reasons why the PROVIDER of the service does want it (build a database, being able to mail announcements, potential ads, limit a little mass account creation? [not really], maybe have a way to contact the user, etc.), from the USER POV: Why? If you actually don’t want to be contacted nor receive any email.

I can only see the recovery of the account in case you lost your password and confirming you have control over the email in case your account has been hacked one way or another.

Haven’t we also been “used to it”, and don’t even ask ourselves the question since a while? In the case of email, it’s quite OK, I feel, as you don’t necessarily have to give out “your” email address but can always create another one if you want (which is harder with a phone number!).

Isn’t there an argument to allow a “no email” account creation? Or to render the email address optional? I know quite nobody does it, but why!?

You’re answering your own question.

Something else: Jeff raised a very valid question 1.5 years ago. SMS is not secure. Why is this still considered an option?

1 Like

Fair enough, but there may be an argument for a “bitcoin” way of doing things (on option only, the user decides): You lose your password, you don’t complain, that was your choice and you chose to be responsible about safeguarding it. We also can imagine alternative ways to recover accounts, not needing an email or phone number (not needing any contact method, in fact).

I mean, it seems possible to me to have an option for a private / no hassle way of registering if one chooses to (and if the admins are willing to): Username and password, that’s it. No contact method, no verification of the latter (same: Why exactly is there these email verification we all got used to? It doesn’t seem to make sure there wasn’t a typo as you often cannot correct the email. It’s to make sure you gave a valid email, because you have NO CHOICE. You have to provide one, and god forbid you just gave a false email on purpose. There are still temporary email services, indeed)

A “no email” registration method may also solve the purpose of this topic.


Yes, it is known SMS isn’t secure for IMPORTANT stuff. Email isn’t either, it’s probably far worse! But SMS appears as being pretty safe, when it isn’t really.

I’m closing this topic now since this discussion has veered off-topic and there’s no attainable goals here.

The main question was

“How to allow login of user through mobile number”

…and the answer is: signups via mobile SMS could work with a custom plugin like Sam mentioned here.

As of today, though, no such plugin exists, and there are no plans to implement this in core for now. So, it would have to be implemented as a plugin.

So, if you really need this functionality, please create a topic in the #marketplace category and add your budget there.

10 Likes