OK, here's the new simple test you should think about for authentication if you're providing it to people and not providing strong account recovery methods (e.g. you're not a bank with branches they can go into to change their password).
Does your auth system work for someone who uses the public computers at the library and doesn't have a reliable phone number (e.g. they're on prepaid SIMs and occasionally swap numbers due to non-payment)?
For extra bonus points, what happens if they don't have a phone at all?
You can simulate this by going to a library, turning your phone off, and trying to read your email via one of their public computers. Try it sometime; it won't be nearly as easy as you think it is.