Register using phone number

[Max]

Current xenforo exclusively built around email address as the exclusive registration method.
So we can not even create a custom addon and enable registering using only the phone number.

Big potion of the new generation signup to social media using only phone number. they don't have an email. But even with social media connect option they can not sign in to xenforo.

When you use facebook connect with a FB account created only with a phone number, xenforo ask for the email address.
And they will not be bothered to create an email just to signup to your forum.

If you are serious about your forum, SMS gateway is no big deal. It will keep 99% of the spammers away and people start to value their account coz they can not create unlimited accounts using only disposable email.
If xenforo developers can't add this full phone registration feature, at least give a method to add phone as an unique registration method so we can create a custom addon using it.

 

[Jake B.]

If xenforo developers can't add this full phone registration feature, at least give a method to add phone as an unique registration method so we can create a custom addon using it.

This is already technically possible. Email does not have to be set when creating a user through the admin panel, or with imports from other software, so an add-on could definitely add a new registration process without an email address, it just may not be possible to do by extending the default one, and may require an entirely separate process

 

[thegr8wendt]

Registering users via email only is a major problem and lends itself to Spammers & Scammers (especially if you have a Classified-like section in your forum). Blocking scammers via IP address doesn't work because they all use VPN now!

Still searching for a good 2FA via SMS add-on to register new members.

 

[Mendalla]

I would love to see this myself. Not sure it matters much for my current forum, but it is definitely something that is becoming popular and even expected in the social media world.

Still searching for a good 2FA via SMS add-on to register new members.

Would be nice to have even as a 2FA option for members. Email 2FA really is not that secure but not everyone wants to put in the effort to setup an Authenticator app. I use Google Authenticator myself but I work in IT and use 2FA apps a lot for work so I'm an edge case on that front.

 

[thegr8wendt]

Google Authenticator is too much to ask of forum members, and would deter registration. I'm surprised someone hasn't created a verification via SMS add-on yet. Seems standard on many sites now.

 

[duderuud]

Problem is that SMS as a MFA method is not very secure.

There is a reason why you used to see SMS in the past but nowadays authenticators are the default...

 

[Mendalla]

Problem is that SMS as a MFA method is not very secure.

There is a reason why you used to see SMS in the past but nowadays authenticators are the default...

Better than email which is the only alternative to authenticators that we have now. In a work environment, we can force use of authenticators (and we do in my company for AD accounts used for SSO and for our VPN) but forum admins don't really have that luxury so having a slate of user-friendly, reasonably secure options and then encouraging people to use the best one available is probably the best many of us can do.

Someday, I hope that Google and Apple will make authenticators core to their mobile OSes which will simplify things for non-technical users. Google has it now but only for Google accounts.

 

[Joe Link]

Registering users via email only is a major problem and lends itself to Spammers & Scammers (especially if you have a Classified-like section in your forum). Blocking scammers via IP address doesn't work because they all use VPN now!

Still searching for a good 2FA via SMS add-on to register new members.

I would love to see this myself. Not sure it matters much for my current forum, but it is definitely something that is becoming popular and even expected in the social media world.


Would be nice to have even as a 2FA option for members. Email 2FA really is not that secure but not everyone wants to put in the effort to setup an Authenticator app. I use Google Authenticator myself but I work in IT and use 2FA apps a lot for work so I'm an edge case on that front.

You're both exactly right.

People who don't run sites with classifieds or other high value targets likely don't realize how difficult it is trying to deal with the overwhelming number of scammers these days. Requiring a valid phone number for registration would be a huge step in the right direction. Also, SMS for 2FA might not be the most secure, but it's far better than people not using 2FA at all because it's a pain.

I'd likely be interested in going in with you guys on a custom add-on, depending on the developer

 

[Suzanne O]

Wouldn't bother with registering via mobile phone number.

Can't trust everyone with your personal information.

 

[javakhir]

would be nice to see this option on XF. it can be game changing, register using phone numbers, users can join whatsapp, telegram channels by their own will, to read important updates & news. this can trigger them to visit forum more often
for example I use parrotposter, save my time!

 

[zappaDPJ]

I'd like to see this as an option in the core software. Failing that...

I'd likely be interested in going in with you guys on a custom add-on, depending on the developer

As would I.

 

[Seeker-Smith]

Put this in suggestions so it can be voted up.

 

[Arantor]

It’s already in suggestions.

One thing to bear in mind, registering via phone will incur a cost since you’re going to need to send at least one message to the phone to verify it - and short of having a dedicated app, I think you’ll need to look at services like Twilio.

 

[javakhir]

Telegram offers sms verification for $0.01, if phone number is not registered in Telegram, they won't charge for it

 

[CTS]

New to this convo, but I am curious....

What is the likelihood that storing more PID on your database may bring even more privacy concerns to the forum operators.

I mean, already we store IP, associated IP's, verified email addy. All three3 of those can be functionally spoofed or throwaway such as email.

But the phone number is tied tight to the individual.

I don't think I want that risk for my members.

 

[Jake B.]

But the phone number is tied tight to the individual.

I don't know that it's tied any more tightly to an individual than an email addresses. There are many services that let you send / receive SMS without it being tied to your physical phone.

 

[CTS]

That may very well be true. Privacy was just the first thing to pop in my mind after reading the thread. Personally I wish to ever store no more PID than critically needed. I don't need that liability risk myself. I think if it were available, the vast majority of people would just use their phone and not go to lengths to hide their number unless they had a reason. jm2c

 

[zappaDPJ]

I think to some extent this might depend on the use case. Two of my forums are private, by invitation only and they hold a lot more PII than the average forum. I know categorically the members of those forums would be more than happy to have new members verify by SMS and use it themselves for 2FA.

I can understand why people might be hesitant but in reality you are usually obliged to enter a phone number every time you buy online and that number is often passed on to other parties for delivery preferences so I don't see it as a major privacy issue providing you take proper steps to keep your forum secure.

 

[Mr Lucky]

but in reality you are usually obliged to enter a phone number every time you buy online and that number is often passed on to other parties for delivery preferences

But there is a good reason for that when something needs delivering. You get a text to say the delivery is on its way or a text/call if there are delivery problems. Not the same as registering on a forum.

Why is it needed for a forum?

 

[zappaDPJ]

Why is it needed for a forum?

Initially it was put forward as a popular suggestion from a forum member, the general consensus being that it would engender trust among members as we hold a fair degree of sensitive information which should be kept private. As a forum owner I'd like to make use of it in order to verify a member's login for similar reasons.

I agree its use might be limited to some extent but I also believe it would be beneficial to have it as an option as it seems to have become the norm for the majority of applications that require the creation of a login or transaction. I feel it's more important more than ever to be able to offer forum features that reflect today's usage of technology.