Tying a real-world identity to an online identity can be tricky. We acknowledge that, and there have been lots of disjointed efforts to solve this fairly common challenge. One of the ways its frequently done is to tie a digital identity to a mobile number – the theory goes you have to be identified as a real person to a carrier, so tie to that, and you’re good, right?
Well. If requiring a mobile number to sign-up for a service actually made a substantial difference to spam, bots and undesirable online behaviour perhaps I would be more understanding of some online providers mandating users use a mobile number. But it doesn’t, so I’m not.
Now I should come clean, I do have a phone number, and most of the time I’m willing to freely hand it over in order to get my next dose of internet-delivered dopamine so I can try the latest thing. However, not everyone actually has a mobile number, and a great many people who do have a number don’t want to hand it over just to use a service.
There are two major ways I’ve seen the lack of the ability or desire to hand over a number affect signing up for a service. Firstly, there are products like Google’s Due video chat or Telegram’s messaging service that require a mobile as your unique registration ID.
For example, my 7-year-old daughter is desperate to have her own Duo account to use to video call from her devices and our Google Smart Displays. However, she doesn’t have a phone number – and, as I’ll explain, I’m not really minded to get her one.
Now, I hear some of you, just get plan XYZ from carrier ABC and you can get a cheap phone number for $x.xx for a year. Okay, sure, I could do that. But that’s not happening – a 7-year-old doesn’t need a phone number, and no one should have to buy one just to use a service.
Sure, I could go get a cheap prepaid, get the number and use it to sign up to the things she needs, and then throw it away. Unfortunately, that doesn’t really work either, as many apps rely on SMS verification .. and you can’t use that without the mobile service active.
For Duo every time you signup on a new device you have to enter a number from a text message, so having a once-off number just doesn’t work, you need to have it again and again. On apps like Telegram you can authenticate via in-app messaging after the initial registration, but SMS is always a backup, so when your one-time number gets reissued to someone else (granted, it takes a while for that to happen) then all of the accounts registered to that number will be accessible that new person. That’s less than ideal.
What’s the solution? I would think that’s easy, use another unique ID, I would suggest Email as a good alternative, they are easy to get, completely free via Gmail and numerous providers, and as previously suggested have a ‘real phones number’ has done nothing to stop bad actors. There would also be a secondary improvement, companies no longer using SMS for authentication. They may even move a more secure method such as Google Authenticator, which is as easy to implement and doesn’t require an international SMS provider.
One thing is for sure, having to provide a mobile number for SMS is a barrier to legitimate customer registrations and a minor hurdle to bad actors, perhaps it’s time to rethink all of this!