Tying a real-world identity to an online identity can be tricky. We acknowledge that, and there have been lots of disjointed efforts to solve this fairly common challenge. One of the ways its frequently done is to tie a digital identity to a mobile number – the theory goes you have to be identified as a real person to a carrier, so tie to that, and you’re good, right?

Well. If requiring a mobile number to sign-up for a service actually made a substantial difference to spam, bots and undesirable online behaviour perhaps I would be more understanding of some online providers mandating users use a mobile number. But it doesn’t, so I’m not.

Now I should come clean, I do have a phone number, and most of the time I’m willing to freely hand it over in order to get my next dose of internet-delivered dopamine so I can try the latest thing. However, not everyone actually has a mobile number, and a great many people who do have a number don’t want to hand it over just to use a service.

There are two major ways I’ve seen the lack of the ability or desire to hand over a number affect signing up for a service. Firstly, there are products like Google’s Due video chat or Telegram’s messaging service that require a mobile as your unique registration ID.

For example, my 7-year-old daughter is desperate to have her own Duo account to use to video call from her devices and our Google Smart Displays. However, she doesn’t have a phone number – and, as I’ll explain, I’m not really minded to get her one.

Now, I hear some of you, just get plan XYZ from carrier ABC and you can get a cheap phone number for $x.xx for a year. Okay, sure, I could do that. But that’s not happening – a 7-year-old doesn’t need a phone number, and no one should have to buy one just to use a service.

Sure, I could go get a cheap prepaid, get the number and use it to sign up to the things she needs, and then throw it away. Unfortunately, that doesn’t really work either, as many apps rely on SMS verification .. and you can’t use that without the mobile service active.

For Duo every time you signup on a new device you have to enter a number from a text message, so having a once-off number just doesn’t work, you need to have it again and again. On apps like Telegram you can authenticate via in-app messaging after the initial registration, but SMS is always a backup, so when your one-time number gets reissued to someone else (granted, it takes a while for that to happen) then all of the accounts registered to that number will be accessible that new person. That’s less than ideal.

What’s the solution? I would think that’s easy, use another unique ID, I would suggest Email as a good alternative, they are easy to get, completely free via Gmail and numerous providers, and as previously suggested have a ‘real phones number’ has done nothing to stop bad actors. There would also be a secondary improvement, companies no longer using SMS for authentication. They may even move a more secure method such as Google Authenticator, which is as easy to implement and doesn’t require an international SMS provider.

One thing is for sure, having to provide a mobile number for SMS is a barrier to legitimate customer registrations and a minor hurdle to bad actors, perhaps it’s time to rethink all of this!

    4 Comments
    newest
    oldest most voted
    Inline Feedbacks
    View all comments
    Jay
    Jay
    1 year ago

    “I would suggest Email as a good alternative” … but most popular email providers such as Google, Yahoo etc now require a mobile number to sign up.

    Jay
    Jay
    Reply to  Duncan Jaffrey
    1 year ago

    But did you create those ages ago? I have multiple google accounts too that I set up years ago before mobile numbers were required. Then I tried making yet another account around 2 years ago, and it wanted my phone number… wouldn’t let me proceed without a number. Yahoo and microsoft was the same, so I finally settled on proton mail. Maybe Google have changed the requirements since I tried.

    Ip
    Ip
    1 year ago

    Yeah it’s really annoying when you’re overseas and the only way services want to authenticate you is by sending you an SMS. Sorry, I am not going to activate roaming for any reason, let alone this. Thankfully, my bank allows me to turn off this extra security for my credit card. Which is probably a bad thing but I don’t have much of a choice…