Twitter’s new identity service based on phone numbers

At Twitter’s Flight conference they announced Digits: a new, free, global service for verifying phone numbers. Twitter is providing an SDK to make it easy to use Digits in iOS and Android applications and a Web SDK is coming.

The email and password prompt popular for the last 20+ years of the web does not work for the emerging markets when their first computer is a mobile phone. The “digital” identifier they have and use to identify themselves to others is likely a phone number, and they are unlikely to have (or don’t know) an email address.

The identity problem Twitter is addressing is how the app developer knows it is the same user across multiple instances and invocations of their app. Having the user choose and remember a password associated with an email address is a barrier to adoption. Apps started to use social identity services such as Twitter, Facebook, Google, LinkedIn: but users have sometimes balked at mixing an app in with their social profile.

Twitter has a long history of working with phone numbers and SMS and they have coverage in most of the world. They’ve been there and done that. Building out a comparable service is non-trivial. Offering Digits as a free service with “easy to use” SDKs for iOS, Android and the web is an attractive option for app developers.

Digits supports 191 countries and 28 languages. The user experience is nice and clean. With most platforms showing an alert at the top of the screen for an inbound SMS message, the user will not need to change screens to acquire and then enter the confirmation code.

There are a few challenges to using a phone number as an identifier. First, it is not an opaque identifier that is only used to identify the user to a specific service. It is a global identifier and can be used to correlate your activity across any service that has it. Unlike email addresses where the privacy aware can generate and use site unique addresses to isolate their activity, managing site specific phone numbers has a real monetary cost for most jurisdictions.

While promoting OpenID, site operators would tell us that knowing it was the same user again was not all that compelling. They wanted profile information about the user and a verified email address to reduce enrollment friction. The social logins from Facebook, Google, Twitter and LinkedIn provided this; a major reason why signing up with those services has become so common for new web sites and apps. Providing profile information is not solved by Digits, but the developer is getting a verified way of contacting the user (phone number), and as mobile apps replace desktop web sites, the profile data may not be as relevant as it was a decade ago.

Twitter talked about developers being able to track users as they change phone numbers, but there were no details on how this would happen besides the user explicitly going to digits.com and changing it themselves. It is unclear what would trigger and motivate a user to link phone numbers, and unclear how it works if the user does not have phones with both numbers available at the same time. But changing or having multiple phone numbers might be more of a first world problem. From what I hear, emerging markets don’t churn through phone numbers like some first world segments.


On the positive side, phone numbers are pretty simple identifiers to remember, and proving you control one is pretty easy on a mobile device. Unlike an identifier from one of the social services, Twitter does not control the phone number identifier, and the developer has an option to use a different service without losing all their users.

The phone number is also also a mechanism for learning the user’s social graph through the contacts on the phone — a technique that worked well for WhatsApp. It is a list the user has direct control over and is relatively easy to manage. Twitter announced plans to lower the barrier to using the contact list with a future version of the SDK which would return validated phone numbers.

Years ago, a number of members of the “identirati” lamented over the stalled progress of OpenID and user-centric identity. We predicted that future internet identity innovation would happen in mobile. Previous mobile advancements provided native mechanisms to authenticate the user from an existing service (the Google Silo on Android, and the Facebook and Twitter silo on iOS). This lowered the friction in mobile, but is not user-centric and just extended the existing web identity silos. Digits is a true cross platform innovation that works well for the global mobile web audience.


Will the phone number be the digital identifier to rule them all?

There are all kinds of issues with the phone number being used for heavy weight identity transactions, but for light weight web and mobile apps, Digits could lead a sea change in how mobile users authenticate.

UPDATE Jan 28, 2015

Twitter finally rolled out Digits for Web. It took a long time, and requires your users to have already logged into Digits with one of the native libraries on a mobile app. Very disappointing. Rather than provide what developers need, Twitter is doing what will help Twitter short term. While Digits will provide value, not having an open web interface just guts 80% of the opportunity.