Page MenuHomePhabricator
Create Task
Maniphest T171200

Add a configuration option to make email mandatory during account creation
Open, LowPublic
Actions

Description

During the process of account creation, the 'email' field is optional. If user does not enter the email during account creation and user forgets his password, then user does not able to access account by resetting password using "Forget password".

Also there is not mobile number verification is added. Hence i suggest to make an email OR mobile number compulsory/mandatory field so user can easily reset the forgotten password.

See also:
T58028: Show Echo web notification (asking users to consider providing an email) to users who don't have an e-mail address associated with their account
T58074: Remind users who have entered an email address, but haven't confirmed it
T215633: Emailability: Prompt users during email skip attempt

Related Objects

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 20 2017, 5:52 PM
Vaibhav.phale1 triaged this task as Medium priority.Jul 20 2017, 5:57 PM
Vaibhav.phale1 updated the task description. (Show Details)
Vaibhav.phale1 removed a subscriber: Aklapper.
Dereckson added projects: Security, MediaWiki-Authentication-and-authorization.Jul 20 2017, 6:00 PM
Dereckson added a subscriber: Dereckson.

@Vaibhav.phale1 There is a balance to find between security and privacy: when you ask a mail, you ask people to provide a private information (or a burden to create a new mailbox separated from the main address). Did you take that in consideration in your analysis and what are your thoughts about this?

matmarex added a subscriber: matmarex.Jul 20 2017, 6:04 PM

It seems that setting $wgEmailConfirmToEdit = true is a way to achieve this, but I'm not sure if this exactly matches your requirements.

MaxSem added a subscriber: MaxSem.Jul 20 2017, 6:39 PM

@Vaibhav.phale1, are you requesting this for Wikimedia projects, or MediaWiki in general?

Aklapper changed the task status from Open to Stalled.Jul 20 2017, 6:51 PM
Aklapper removed Vaibhav.phale1 as the assignee of this task.
Aklapper raised the priority of this task from Medium to Needs Triage.Jul 21 2017, 8:16 AM
Vaibhav.phale1 added a comment.Jul 21 2017, 12:20 PM

@MaxSem, I only request that Wikipedia have to make email I'd or other user verification detail as mandatory field. So they can easily recover their account if they forgets the password. Because, nowadays peoples are having multiple accounts on different websites. They unable to memorize all user I'd and password.

Anomie renamed this task from To make an Email I'd as a mandatory field. to Add a configuration option to make email mandatory during account creation.Jul 21 2017, 1:56 PM
Anomie updated the task description. (Show Details)
Anomie added a subscriber: Anomie.Jul 21 2017, 2:16 PM

I tried to clean up the description and title for grammar and comprehensibility.

There seems to be two or three requests here:

  1. Make the email field mandatory during account registration, or provide a configuration option to do so.
  2. Add the ability to set a mobile phone number as a property on the user account, along with the ability to use this number for password reset. Then change #1 to make it mandatory that either email or phone number be specified.
  3. (maybe) Enable either #1 or #2 on WMF wikis.

#1 would be easy enough for someone to do, and simply having a configuration option for it doesn't seem very controversial.

For #2, adding the ability to input a mobile number would be easy enough (assuming we store it in the user_properties table rather than adding a column to user), as would changing the behavior of the configuration option in #1. Adding it to CentralAuth (SUL) would be somewhat more difficult, since there's no globaluser_properties table yet (see also T16950). Actually using the mobile number for password reset would require integrating and configuring an SMS gateway service, which might be difficult and/or expensive.

#3 would be an easy configuration change once the option exists, but would be a potentially significant policy change that may need significant discussion.

In T171200#3460195, @Vaibhav.phale1 wrote:

Because, nowadays peoples are having multiple accounts on different websites. They unable to memorize all user I'd and password.

That's why password managers exist.

matmarex removed a subscriber: matmarex.Jul 22 2017, 7:46 PM
Vaibhav.phale1 added a comment.Jul 23 2017, 6:32 PM

OK @Anomie sir. My intense is only to make Wikipedia account user friendly. So, users can able to reset their password easily. But wikipedia policy doesnt allow it to make email id as a mandatory fireld. You are also correct. Anyways, Wikipedia finds the better solution for this. (And sorry for my poor english). 😅😅😅

Aklapper changed the task status from Stalled to Open.Jul 29 2017, 4:41 PM
Aklapper triaged this task as Low priority.
TheDJ added a subscriber: TheDJ.Oct 3 2018, 7:57 AM

See also: T159837: Introduce confirmation step if user tries to register without email
which doesn't make it a requirement, but does make no-email an option you need to actively confirm and warns you of the consequences.

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL