Your phone number is becoming the online identifier of choice

In a relatively short time we moved a big part of our lives online: shopping, watching movies, ordering food, talking to friends, dating and sharing your passions. Most of these social interactions start by having an online identity. But there is a problem with that.

With the growing number of startups, tools and apps it is relatively easy to fake an identity. More and more people engage in scams, fraud or spam, or worse, fall victim to it. Although we all know nowadays to ignore that email from a Nigerian prince who inherited 41 million dollars and needs your help to release it — in many other cases it’s much harder to figure out if that someone you’re communicating with is really to be trusted. It’s no mystery that many popular services like Twitter, Facebook (which reportedly has around 170 million fake accounts) and Instagram have been battling the millions of fake users and bots for a while now. While having fake followers on social media might not be considered a problem (hey, it does makes you look more ‘popular’), it gets much trickier if you want to date someone you meet on Tinder, or rent out your apartment on Airbnb.

The root of the problem: email

Email is traditionally the most common form of online identity and used as the basis to create an account for many popular services we love and use each and every day. There are two big downsides to using email. First off, it’s a piece of cake to create a fake email address in a matter of seconds. In a short timespan someone can create hundreds of email addresses and thus create hundreds of fake accounts. Second, your legitimate email address is relatively easy to hack. Phishing emails, retrieving aging password recovery questions like ‘what’s the name of your dog’ (which you shared on Facebook years later), social engineering or automated password attacks are happening every day to millions of accounts.

A safer experience? Using the mobile number

More and more companies and online services are taking steps to make it harder to create fake accounts and increase security for their users. Doing so in a cost effective way, while keeping the on-boarding process of the user smooth, can be a challenge however. This is where the mobile phone number comes into play:

• Mobile phone usage is widely adopted around the world (and still growing).
• We tend to keep our mobile number with us for a long period of time — sometimes decades — which increases the trust factor.
• It’s much harder to get a mobile number than an email address: you need a working SIM card issued by a mobile operator and often need to provide identification and financial details.
• Hacking someone’s phone number is almost impossible to do, as someone would need to steal the physical SIM card or clone it at least. An almost impossible venture for the majority of fraudsters.

All of the reasons mentioned above make the mobile phone number ideal for identifying users on a wide scale. This is why you see a growing number of services using it to verify a user — from popular apps with millions of users like Whatsapp and Snapchat, to completely new startups like Who’s in (a neat app by our friends from PresentPlus). Just enter your phone number when creating a profile and instantly get a unique one-time password sent to you via SMS. Entering this password during your profile registration verifies you as a real person. It’s a no hassle solution, there’s nothing to download and every phone can receive an SMS. You don’t even need to have an active internet connection. Whether you use an Android phone, iPhone or a classic Nokia, it’s a simple but effective way to verify users.

Two-Factor Authentication

Next to having the mobile phone number as a primary identifier, you also often see it being used as a second security factor, commonly referred to as Two-Factor Authentication. Services like Gmail and Dropbox give users this option to increase the security of their account. It’s a great way to easily add another security layer and thus making sure your service and its users are more secure.

Want to know how to implement this yourself? You can use your own one-time password software and send the SMS via our gateway or let us do all the work by using Verify via our API to create and send unique and safe passwords.