[proposal]Email/account verification on signup

[Swayam221]

As of now anyone can create an account with a fake email address. We can include verification so that only verified emails can be allowed full use of the application.

[Sagar2366]

Good observation. Start working on this issue.
OTP based authentication can be added for valid email verification. If you have any other proposal feel free to share/add.

[sumitra19jha]

@Sagar2366 @Swayam221 Can we use password-less authentication for the system. The current architecture requires password and generally user doesn't remember that. So we can either have:

1. OTP based verification or
2. OTP based authentication

In verification user password exists and user get OTP at signup or forget password.
In authentication part user receive OTP at each login. Therefore there is no need to have forget password separate screen or create password input field.

[Swayam221]

@Sagar2366 @sumitra19jha Thankyou! i will look into whatever we decide. @Sagar2366 @DeltaHarbinger @jordanliu should we have a password and email verificaion or remove password completely and have an OTP system?

[Swayam221]

@Sagar2366 @DeltaHarbinger @jordanliu should i proceed with email verification only?

[shauravshikhar]

is someone working on this issue if not then i can work on this plz assign me to this issue @Sagar2366

[Swayam221]

is someone working on this issue if not then i can work on this plz assign me to this issue @Sagar2366

@shikharsaurav Im working on it. The thing is the projecct is actually under a code freeze and so enhancement and feature PRs are not being taken and probably thats why even im not assigned to it yet.
feel free to look out bugs and report them and checkout other bug issues. Thanks!

[palisadoes]

@Swayam221 Please proceed. What do you propose if the app is used in a country where most people don't have an email address?

We were thinking of having pre-defined admin users being able to admit their friends or community members through a QR code system between phones as an alternative. Do you think there is a way to do this too that is as secure as email?

[Swayam221]

@palisadoes For a country without email addresses, wouldn't we have to change the registration system entirely as right now, a user must register with an Email?

[utkarshshendge]

@palisadoes @Swayam221 we can add phone number as well for authentication. People may not have an email address but people who are using Talawa will probably have a phone number. So they can log in with a phone number.

Instagram does something similar to this, so the user has the freedom to login with any one of the combinations:

• Email-password
• Phone-password
• Username-password

Will this be a good approach?