SMS mobile phone message verification for signup

(ariddell) #1

I’m curious if there’s open source software that might assist in setting up a system where one can ask for SMS (phone) verification in addition to e-mail verification (much as Google does when one signs up for Gmail).

(Michael Downey) #2

It’d probably be straightforward to build something like this with Twilio or a similar service.

(Markus) #3

Does anybody have experience using Twilio for mobile phone number verification?

This would close a big gap of my workflow. I’ve recently signed up at Twilio and I’m fascinated. Pricing and features are great!

I need this to ensure my users (doctors, colleagues and patients) are providing me a valid phone number at registration and for password reset. Maybe later for an easy-to-use 2nd-factor authentication.

Kind regards

(Benjamin Kampmann) #4

This is one of Twilio’s main use cases. I have worked with it in the past and can recommend it for sure.

Currently Discourse doesn’t allow any easy way to integrate such an extension though…

(Markus) #5

### What is the key problem? Why is it so difficult to implement it?

Discourse is already providing a bunch of SSO solutions for the authentication procedure. Twilio has some sample code on their website showing how to implement 2nd-factor auth with about a hundred lines of (PHP) code. Jake at Twilio (Customer Onboarding and New Business) recently asked me about my use case and I gave him this topic as an answer.

Maybe they will officially provide an extension. :gift_heart:
This makes much more sense for me.

P.S.: In addition to my recently mentioned use cases, it would be nice to get text message notifications instead of unencrypted e-mails for my patients. Maybe by enabling this for special topics, groups, categories or users. Not for anybody (in terms of preventing a cost explosion).

### Small Update from Twilio:

In regards to offering an official Discourse 2FA solution, I don’t think that’s in the cards. That being said, we just announced our acquisition of Authy, a 2FA and Account Verification specialty company. They are a great fit for any sort of account security related needs you might have.

(xiasummer) #6

This is very important, as in China the government is pushing for every account to be associated with a cell phone number, so that it is easy to find the true name behind that account.

Hope this will be functional soon.

(Markus) #7

It’s not a good idea to dedicate support to repressive governments in surveillance.

Freedom of speech, crypto for users and anonymity always have to be more important than some “optional features for individual organizations / gated communities”.

(xiasummer) #8

Great answer, but what can we do? Our government is just doing things in this way. As Chinese, we have to obey… Or, we have to shut down the servers in China… And that’s not a good choice. We have to learn to cope with the government.

(Markus) #9

That’s a very important question we have to discuss nowadays.

On the one hand, I’m sure we need a working constitutional state to stop “(the most affecting) illegal activities” (e.g. child porn, violence, …). But on the other hand, we rely on democratic principles, private autonomy and the right to protect ourselves against political repression.

How we do this in algorithms and code, I can’t say at the moment. Everything we invent for a good purpose could always be used as a weapon against us.


It would be great to integrate SMS verification!

(Michael Downey) #11

Let us remember that using SMS for any type of 2FA or verification is neither secure nor reliable.

(Stephen Chung) #12

Aren’t you confusing freedom of speech with privacy?

Freedom of speech means you can say whatever you want. It doesn’t mean you can pretend to be somebody else, or remain unknown. Those are privacy issues.

Many forums require you to login and disallow anonymous posting. They do not violate freedom of speech.

(Markus) #13

I just think so, because the governments are trying to implement new surveillance mechanisms by legal acts, especially for big (relevant) social media communities, with content filters, upload pre-screenings, …. And this happens in the first place fully automatically. The police might be sent to those post authors BEFORE someone has really inspected the legal issue with that post. This recently happened with a Palestinian guy, who posted some harmless picture and text on Facebook, which was incorrectly translated by FB, and he got all the trouble. I’ve also heard of several police visits from friends who visited China some years ago. A friend of mine was searching for “AIDS” and “HIV” in his search engine.

This is only possible due to the fact that there is a personal connection between someone’s account and his phone number and current location / home address. IP addresses might also be easily traceable, but not if you don’t want it. I think freedom of speech is much more important than mechanisms against privacy. If they become standard, we won’t see uncensored opinions any longer on those affected sites.

As an example, here in Germany: Have a look at the “Netzwerkdurchsetzungsgesetz”. This law could be very dangerous with the wrong people in government.