A website requires users to validate their email – it’s how the user receives their password creation link, and email is essential to several core workflows.
There is now also a need to collect and validate SMS numbers, though two factor authentication is only needed for a specific high-level task that not all users will need.
My sense is that we should make the mobile number optional in the registration flow (per this answer) and let the user validate it later, when it’s truly needed. However, in the moment when it’s needed (let’s say, right before publishing a page on the site), a “Please validate your phone number” message will be very disruptive and break the user’s flow, especially if there are problems.
What might be the best solution?
- Validate both phone and email for everyone in registration, and never make the user think about it again. It just seems like a lot of validation for a user who might be ready to create an account, but might not yet be very engaged with our site.
- Validate the email in registration, and the phone in the “moment of need”, but try to make the process as smooth and unobtrusive as possible.
- Validate the email in registration, and the phone number later, but before the user gets to the “moment of need”, perhaps when they start editing the page they’re going to publish.
Or, is there a better process for this?