Email and phone numbers have long coexisted as digital identifiers, each serving different user expectations, security needs, and business goals. In recent years, companies have begun questioning whether offering either—or both—has a tangible impact on their bottom line. Based on the evidence, we think it does.
For instance, according to the Baymard Institute, 18% of all ecommerce carts are abandoned because the shopper was forced to create an account. If offering a customer’s preferred verification method could claw back even one percent of those drop-offs, it would make a huge difference in sales.
As we explore the pros and cons of email versus phone number-based authentication, we’ll consider how different users interact with these methods, the technical and financial impacts for businesses, and how these identifiers complement efforts like marketing.
The trusted veteran of email authentication
Email-based authentication has been the backbone of online identity for decades, and with good reason. Most internet users are familiar with the process: sign up, check your inbox, click a link or copy a code, and you’re in. Email verification is a vital first step in ensuring a user is legitimate for both password-based and more modern forms of authentication.
Email’s near-universal adoption means most customers can sign up without a second thought. It’s also remarkably cost-effective compared to text messaging, especially for businesses with large customer bases. Unlike SMS, sending an email is practically free. While SMS verification messages typically cost $0.05 each, MFA emails ring in at less than a hundredth of a cent.
As an added bonus, email magic links are phishing-resistant because the recipient doesn’t need to enter a password. Man-in-the-middle attacks, which trick unsuspecting users into handing over their credentials and OTPs, fall flat when faced with a relatively unphishable magic link. The feather in email’s cap, however, is its marketing potential.
Verifying an email address is often your first foray into the customer’s inbox, opening up opportunities for newsletters, promotions, and customer support communications (assuming they have opted in to receiving them). Integrating an outreach cadence with authentication offers long-term engagement strategies that can drive customer retention.
However, email authentication has its drawbacks. The ease of creating an email address means fake or temporary email addresses can end up in your system. And while email makes signing up more accessible, mobile users might find the process clunky. Switching between an app and an email client can potentially lead to drop-offs during registration.
The mobile-first contender of phone number authentication
The shift towards mobile-first customer experiences has transformed virtually all online interactions. According to eMarketer, mobile devices now account for 44.6% of all US retail sales, which means nearly half of your users expect a mobile-friendly experience. By the same token, phone number authentication has grown from a handy alternative to a business enabler for many organizations.
One of the most significant advantages of phone authentication is its potential to reduce fake accounts. Phone numbers are tougher to fabricate than email addresses, which can help maintain the integrity of your user base. For the right form factor (such as mobile applications), phone authentication offers a more native and seamless end user experience than email-based authentication. Text messages also enjoy much higher open rates than email, making them ideal for time-sensitive offers. Just use them sparingly, bearing in mind that 96% of consumers have been annoyed by brands texting them.
Like email, phone authentication comes with its own set of challenges. The most significant is cost. While sending an email is nearly free, SMS verification can become expensive at scale. Similarly, sending SMS internationally can be both legally challenging and costly. In many jurisdictions, phone numbers are considered more sensitive personal information than email addresses.
SMS doesn’t offer an equivalent to email magic links, either. While device-based authentication is entering its heyday with biometrics and public-key cryptography, those methods aren’t tied to traditional phone numbers. Instead, text messaging is at a significant disadvantage because of its vulnerability to both phishing and SIM swapping.
Interestingly, a preference for phone authentication follows generational trends more than email addresses. Studies show that Baby Boomers are less inclined to use mobile apps, and thus don’t benefit from phone auth as much. Conversely, Gen Z is more than 7 times as likely to shop on a social media app—typically mobile-first platforms with phone number authentication.
Choosing the right approach for your business
How do you decide between email and phone authentication? Start by looking at your demographics. Younger users prefer the simplicity of phone authentication, while older customers are more comfortable with email. Consider your users' habits, too. Is your platform an app that’s primarily accessed via mobile devices, or do you drive most of your traffic through a desktop-oriented website?
Another consideration is how users engage with your offering. For example, some mobile-first services require frequent logins, so the ease of phone authentication might be welcome. Email is a better choice for businesses that cater to a crowd that logs in less often, or those that value a more secure approach to multi-factor.
Unfortunately, while SMS-based 2FA is popular and convenient, its phishing and SIM-swapping vulnerabilities make it risky for high-security environments. Companies dealing with sensitive data or financial information can still use phone numbers for initial account verification or as a backup recovery option—but not as your sole second factor.
Many businesses are finding success in offering both phone number and email-based authentication, letting customers decide which is right for them. This hybrid approach potentially increases sign-up rates and user satisfaction while providing a fallback option if a user loses access to one method.
Looking ahead to the identifiers of tomorrow
Just as phone numbers are now superseding email addresses in some user segments, tomorrow's identifiers will eventually take over, too. While we don’t know for sure what they’ll be, the key to implementation remains the same: align your authentication strategy with your customers’ needs and your broader business goals.
Authentication is not a set-it-and-forget-it decision. Whether you’re just dipping your toes in identity or reassessing your long-standing auth strategy, an overinvestment in today’s methods can spell trouble down the road. That’s why offloading the heavy lifting of keeping up with modern authentication is such an attractive approach for most businesses.
So, what will you choose: phone number, email, or both? Whichever approach you take, keep your customer in mind. For them, it’s more than a simple security measure—it’s an integral part of their experience.
For more authentication tidbits and analysis, subscribe to our blog or follow us on LinkedIn.
