Auth0 Home Blog Docs

Use a phone number as primary ID instead of an email for signup and login?



I am building an Android application in a country where many potential users will not have email accounts, and phone numbers are typically the primary account identifiers. Is there an option to use a phone number rather than an email address as the primary user account key?

This seems like a fairly simple question, but I have looked through the documentation and have not found anything. The closest I have found is using passwordless authentication in the Android app, but that was deprecated due to legitimate security concerns. Aside from moving back to that model, I would be content with the standard login flow where users enter a phone number and password to register a new account, and then they can optionally verify the phone number using a one-time password over SMS. Note the distinction here from 2-factor authentication, where in my case mobile would be the sole factor, and SMS is used for verification of phone number rather than authentication.

The option of requiring a username in the database is a step in the right direction. Can this be done by creating a custom database, for which I think I would need to upgrade my Auth0 account, or is it possible through some way I’m missing.

p.s. I know that essentially all my users will have an email associated with an account on their Android phone, but these are merely used to lg in once to the OS and not checked for actual email. It’s common practice for multiple users to share the same phone account, and store owners may even set this up for their customers, so this email account would not be a good way for me to manage my users.

EDIT: I suppose my question is very similar to question #9859, but the answer did not fit my situation. I am not looking for mullti-factor. I am looking for single factor where that factor is a phone number, not email.


In relation to passwordless authentication what was deprecated was some legacy endpoints that also were being used for some flows involving passwordless authentication. However, passwordless authentication (if you exclude the flows that require legacy grant types) is something that is still available.

In particular, you can use passwordless authentication through your hosted login page and if you go to your dashboard and navigate to the Hostes Pages section you’ll even find a passwordless template page for the hosted login page.

Given that you want your end-users to use the mobile phone as their primary and sole factor for authentication then passwordless authentication based on SMS still seems the option that would allow you to achieve that with less custom work.


Thanks. This seems to be exactly what I am looking for, but I am having a lot of issues setting it up through the dashboard. Whenever I use a customized Hosted Page, including but not limited to the passwordless template, my hosted auth screen changes to a generic email window and I receive this error when I try to type in my email: “We’re sorry, we can’t send you the email because there’s a configuration problem.” This is after I have set up and tested the SMS with Twilio.


Okay I figured out that I just had to edit the html for the hosted login page. Specifically, i had to change the lock command from emailCode to sms instead. The configuration error was arising because I had not configured email for the app. It is working smoothly now. Thanks for the helpful response. Once I found the right documentation it was easy. For future reference, the passwordless playground and the lock-passwordless githup repo were particularly helpful.