Please stop assuming everyone has a mobile phone.
I'm writing this post offline (I'll come back to fill in references later) as my internet connection is currently down. When we phoned our ISP to report the problem, we were presented with a recorded message informing us that they were aware of a fault, and directing us to monitor their website for updates. To paraphrase; "We know you don't have an internet connection at the moment, but we'll keep you updated via our website".
If this is not already setting off alarm bells in your head, think about it for a bit.
This is far from an isolated incident. At my last place of employment (a web agency) our ISP did not even publish a phone number anywhere. The only way we could find of reporting an outage was for someone to hot-spot with their mobile and to fill in a contact form on the ISP's website. When the technical support team rang back to diagnose the issue with us, their number was reported as ex-directory (withheld).
Not everyone has the same level of technical literacy
Using data on a mobile phone to access a website might not seem like an unreasonable solution if you work in technology; but the vast majority of internet users are not as technically adept as ourselves.
Imagine, for a moment, that one of your grandparents found themselves in the same situation. Would they be able to get to the website and fill in a contact form? Or would they more likely be left feeling angry and frustrated with no way of finding out how long the problem is going to take to be fixed?
I see a lot of websites and apps that have clearly been designed by someone who is intimately familiar with the technology in question, and hasn't even considered what the experience might be like for anyone else. It can be really hard to put yourself into someone else's shoes, but not even trying is doing your users a serious disservice - we are very rarely building an experience solely for ourselves.
Coverage isn't universal
Technical ability is not the only obstacle to my ISP experience this morning. Where I live there is no mobile reception. It doesn't matter how experienced I am at using a mobile phone, there physically aren't the requisite radio waves around for me to get onto the internet using one when the line is down.
A few years ago my Skype account was disabled for "suspicious activity" (I hadn't used it in a long time). The only way I could unlock it was to receive a text message with a code that expired in 10 minutes. At the time of this event, the closest mobile reception was more than 5 minutes drive away; there simply wasn't time for me to log-in on my computer, drive to the closest place where I could get signal, and get back to enter the code before it expired.
When I had signed up for the account I wasn't asked for a mobile number, only an email address. When they locked it, I wasn't even given the option to unlock with an email. For almost a month an email went back and forth to Skype's customer service team most days. They kept pointing me back to the unlock page on the website, and seemed totally incapable of understanding why I might not be able to use the system. Some time later I remembered my account when I was at a friend's house with both laptop and phone, and managed to delete it. They won't be getting repeat custom from me.
The majority is not the lowest denominator
Possibly the most amazing thing about the web is how democratic it is. You aren't tied to using a single device, browser, or OS. As long as you have a computer of some kind, and a way of connecting it to the internet, you can access almost all the same content as someone on the other side of the world with a totally different combination of the above.
What constitutes a computer is also wonderfully diverse; anything from fridges to mainframes can now connect, and the vast majority of websites will adjust themselves to try and optimise to the device they are being used on.
At the moment the most popular device to view the web on is a mobile phone of some form (this will almost certainly change, smart contact lenses or full-on brain interfaces next perhaps?). Unfortunately, many websites seem to be treating this majority as the lowest common denominator and - in the name of enhanced security - require a text message or some form of authenticator app on a phone before you can log-in, or make sensative transactions1. It doesn't matter what device you are using the website on, you must have a phone beside you, fully charged, and connected to the internet in order to complete what you are doing.
What if you don't own a phone? What if it is broken or has been stolen? What if, like me, you have one, but don't currently have reception on it? What if you are travelling to a country where your phone doesn't work with the local carrier signals?
I'm all for increased security, but I get a bit frustrated when my bank refuses a transaction on the grounds that I didn't enter my one-time text code when I have no way of receiving it in the first place.
It is impossible to make all but the simplest website work for everyone, but we can ensure it works for as many people as possible. I like to think that, as developers, we are getting better at catering to disabilities with things like proper colour contrast and alt text on images etc. Accessibility isn't just about disabilities, however, it also about catering to different access requirements and preferences.
Not everyone has a fast internet connection. Not everyone can afford a mobile phone, or has reception where they are currently connecting.
To make our experiences as resilient as possible, we can not make any assumptions about a user's devices beyond the one that they are currently connecting with. Anything else will be doing them a disservice, and potentially exclude and alienate anyone who happens to interact with our products in a different way than we do.
We're all different. The beauty of the internet is that it is already tailored to accommodating this. Let's not ruin it by changing that.
- Here in Europe we've recently seen the introduction of the PSD2 regulations concerning online transactions. The SCA part of PSD2 allows multiple ways of verifying a user's identify, but most payment providers only seem to have implemented text messages.