Internally, we've started a discussion around using a phone number as the primary identifier for a user's Firefox Account.
I'm bringing that discussion to a public list. Here's a quick summary:

Why use a phone number as an account identifier?

1) Low friction. For many mobile FxOS users, it is likely more convenient for them to sign up for FxA using the phone number associated with their phone than with an email.

2) Some users don't have email. Some target FxOS users might not even have an email account, so using the immediate phone number may be the best option for getting those users signed up.

Without his permission, I've included arog's view on this matter:

"When it comes to the target market, we're heavily hedged towards feature phone, and non-phone users in emerging markets. Many of these markets have skipped the 'wired internet' in favour of going straight to wireless. Because of the combination of these factors it is thought that many (most?) users will not have existing email addresses. Research in this area is generally sparse as it would require us to put 'feet on the street' to do any robust data gathering. We should also keep in mind that in several of these markets using one's phone (sim) as their primary 'identity' is pretty common so while email may make more sense for us, it may not for them. Take M-Pesa for instance."

Here's the rub: phone numbers are treated as disposable by some users and are often recycled by providers. This raises a lot of questions about how to design a portable identity system around phone numbers.

------------------------------------------------------------

I have two main points:

1) I suspect that if a user doesn't even have an email address, cloud services as we know them are going to be a completely new concept. Getting such a user to sign up for an account of any kind is going to be a hard sell if she doesn't understand the value prop of cloud services in general.

2) Phone numbers as an account ID are more appropriate for some applications than others.

Which leads me to:

1) What are the services we'd like to enable with phone number based authentication?

2) What are the requirements for phone number based authentication? Does it have an associated password? If so, do we need a "forgot password" mechanism? Can a user claim a phone number in FxA that was previously claimed by a different user?

I can help with 2) if 1) becomes a little more clear.

WhatsApp and M-Pesa are excellent use cases for phone number based IDs, but those are very specific applications. FxA is intended to be a general purpose identity system for our relying services and introducing phone number based FxA as a drop-in replacement for email based FxA is a dubious proposition. For example, if phone numbers recycle, and we allow password reset via SMS, the new recipient of your phone number gains access to your account and everything associated to it.

-chris

_______________________________________________
Dev-fxacct mailing list
https://mail.mozilla.org/listinfo/dev-fxacct

