Ask HN: What % of users refuse to use phone number login?
2 points by warmstart 1225 days ago
We'd like to understand what % of users prefer to use phone number OTP for login & what % of users would straight up bounce / refuse to login if phone number was the only option.

Are there any particular resources you'd recommend for researching such consumer preferences?

5 comments

There are very few sites I would even remotely trust to give my number to. For starters, sites get hacked all the time and sim-swappers use this information to decide what numbers to steal, assuming the site has something that converts to real currency or provides some additional information that can be used to access financial data or provides the attacker with a way to anonymize further crimes. This is partially the fault of the passive-aggressive lazy wireless industry and legislation around portable numbers.

If it's a brick and mortar business that is local to me and I can walk in if there is an issue with my phone then I might consider it. Even then I disable web access to anything financial if it's an option with that business. The local grocery store for example has my Skype-In number and that forwards to my cell. There are a limited number of businesses that will send SMS to Skype however since it is VoIP and is rife with abuse. I am less concerned with attackers learning my Skype number.

So if your business officially supported sending SMS to a VoIP number and officially stated that, so I did not have to be worried some day your business would cut me off when it decided to not support Skype-In, then I would probably use it. If an actual cell is required I would not likely participate, but I am a bit jaded after seeing everything that can and will go wrong on the internet. I will not install a website's application on my phone.

Depends on your level of service. Government? No problem, they've got it a dozen times already. Private industry... you're pushing it. My security > your need for my number. If you require it for signup and your product/service isn't directly related to phones/calling/using that number for something then my alarm bells be ringing. 11/10 assume you're just going to sell it or lose it in some data breach to spam calling telemarketers.

You'll need to be more explicit about what you think "Phone OTP" is and what you think "refuse" means.

Phone as in, "the OTP requires a cell phone with yet another buggy authentication app"? Or phone as in "can support SMS"? Or phone as in "phone must support touch-tone"? Phone as in "the user must be able to hear and speak"?

"Refuse" as in, "I'm in the unpopulated area of Washington state and I have no phone signal"? Or refuse as in "I'm not using my personal device for work"? Or refuse as in "I don't use smart phones because I want to live in the moment"?

By Phone OTP I mean the following registration/authentication flow: To register, the user must enter a phone number, the user is then sent a 6-digit code via SMS to the given phone number, and the user then must enter the code to register. To log in, it's the same flow.

By "Refuse" I mean: the user has full ability to go through the flow but chooses not to for whatever reason (e.g. doesn't want to share their phone number).

You are aware that this isn't a secure method for MFA, right? Issues of people's willingness to provide phone numbers aside, I would encourage you to look at other options if security is your goal.

Yes; thank you for bringing that up. SIM swapping would also be a concern.

I think you'll find wildly different answers, but the audience here might tend to be a bit distrustful of providing phone numbers to companies they've never heard of on the first date.

That said, if you want some type of one-time "verification" of some identity, why not offer both phone and email options for login? Send either a 6-character code to phone or email: the user's choice.

I have no data on what the general population's stance is.

Personally, I won't give my phone number for this purpose.
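
The flow described in the thread (a 6-digit code sent to the user, with the later suggestion of letting the user choose phone or email), as an added server-side example that is not part of the original thread. `OtpService`, the `send` callback, the 5-minute lifetime and the 5-guess limit are assumptions; the code covers how codes are generated, stored and checked, and does nothing about the SIM-swapping concern raised above.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300        # assumed lifetime; the thread gives none
MAX_ATTEMPTS = 5              # assumed guess limit per issued code
CHANNELS = ("sms", "email")   # the two delivery options proposed in the thread


class OtpService:
    """Issues and verifies 6-digit one-time codes (hypothetical helper)."""

    def __init__(self, send, clock=time.time):
        self._send = send                      # callable(channel, address, code)
        self._clock = clock
        self._key = secrets.token_bytes(32)    # per-process HMAC key
        self._pending = {}                     # (channel, address) -> record

    def _digest(self, channel, address, code):
        msg = f"{channel}|{address}|{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def request_code(self, channel, address):
        if channel not in CHANNELS:
            raise ValueError("unsupported channel")
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, keeps leading zeros
        # Store only a keyed digest; a new request replaces any older code.
        self._pending[(channel, address)] = {
            "digest": self._digest(channel, address, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        self._send(channel, address, code)

    def verify_code(self, channel, address, code):
        rec = self._pending.get((channel, address))
        if rec is None:
            return False
        if self._clock() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[(channel, address)]   # expired or guessed out
            return False
        rec["attempts"] += 1
        ok = hmac.compare_digest(rec["digest"], self._digest(channel, address, code))
        if ok:
            del self._pending[(channel, address)]   # single use
        return ok
```

With only 10^6 possible codes, the attempt cap and expiry are what keep online guessing impractical; a real deployment would also rate-limit `request_code` per address and per client.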