Recently I was locked out of my own Ghost blog platform because they decided they were going to add Email 2FA. I also cannot add any other authors because that requires email verification.
Today I was looking at installing Bonfire and came across this:
Bonfire requires working email for user signups, password resets, and notifications. Most installations will need email configuration before the instance is usable.
Setting up email is a pain in the ass, costs money, is dependent on 3rd parties, violates privacy, and is just completely unnecessary. Why wouldn’t you give users the option to not use it? It’s infuriating!
You’re getting ragged on but I would very much prefer an approach with these things that used some sort of modular system.
I’m imagining the service would have the option for “address for communication bridge” and it’d pass messages to it using JSON or something. The communication bridge would then decide which medium that would go through (email, SMS, smoke signals, whatever the owner configures).
As far as the service is concerned messages come and go (or just go) and how that side of things works isn’t its problem. It’d also mean that one could configure fallback messaging mediums and use dummy ones for if one doesn’t want anything like that (much like the “emails print to the console” debug tool Django has).