
Email-only auth, checkout phone-contact requirement, and account contact-change alignment

Domains: DOL English, Product
confirmed by Product Design

DEC-0094 - Email-only auth, checkout phone-contact requirement, and account contact-change alignment


Several active DOL English docs had already moved toward email-only auth and phone as contact-only, but Product Discovery state and a few supporting UX docs still carried older wording such as "verified recoverable contact", "phone-auth", or "verify-channel switch". That drift made checkout, recovery, and account-management behavior harder to read as one coherent system.

  • Auth identifiers:
    • independent login in DOL English uses email only,
    • valid login identifiers are primary email and verified login emails on the same account,
    • phone is non-auth contact data and is not used as a login or recovery factor in the active DOL English scope.
  • Signup and duplicate-contact handoff:
    • signup accepts email only,
    • signup requires password setup plus email OTP verification,
    • when the signup email already exists, route directly to the login step with the email prefilled and a clear notice,
    • do not auto-send OTP by default at duplicate-contact handoff.
  • Checkout contact contract:
    • checkout is a protected flow and requires sign-in before checkout steps begin,
    • for Pro, Pro Max, and course purchase flows, payment completion requires:
      • signed-in account,
      • verified email,
      • phone contact present,
    • phone verification is not required for checkout completion,
    • checkout blocker may collect or update phone inline, but does not expose auth-channel switching behavior for phone.
  • Sensitive contact changes:
    • email change flow:
      • re-auth,
      • OTP to current primary email,
      • OTP to new email,
    • phone change flow:
      • re-auth,
      • OTP to current primary email,
      • update phone contact without phone verification,
    • a successful email or phone change sends a security alert to the prior primary email,
    • no post-change hold window is applied.
  • Social/local-password safeguard:
    • social account may continue without phone,
    • setting a local password requires verified email.
  • Removes the last major auth/contact contradiction between Product Discovery and active UX docs.
  • Keeps checkout strict where it matters for service continuity, without introducing a fake security requirement around phone verification.
  • Makes account-management flows easier to implement and audit because every sensitive contact change now anchors on re-auth plus current-email proof.
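
The checkout contact contract and the sensitive contact-change rules above, written as executable policy checks. This is an added example, not code from DOL English; `Account`, `checkout_blockers`, `apply_contact_change`, the flow keys and the proof labels are hypothetical names, and the sample values in the comments are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical flow keys for the Pro, Pro Max, and course purchase flows.
PAID_FLOWS = {"pro", "pro_max", "course"}


@dataclass
class Account:
    signed_in: bool
    email_verified: bool
    phone: Optional[str] = None    # contact data only, never an auth factor
    phone_verified: bool = False   # deliberately ignored by every check below


def checkout_blockers(account: Account, flow: str) -> list[str]:
    """Return the unmet requirements for payment completion."""
    if flow not in PAID_FLOWS:
        raise ValueError(f"unknown paid flow: {flow}")
    if not account.signed_in:
        return ["sign_in"]         # protected flow: sign-in comes before any step
    blockers = []
    if not account.email_verified:
        blockers.append("verify_email")
    if not (account.phone or "").strip():
        blockers.append("add_phone")   # collected inline, no phone OTP
    return blockers


# Proofs that must all be present before a sensitive contact change commits.
REQUIRED_PROOFS = {
    "email": ("reauth", "otp_current_primary_email", "otp_new_email"),
    "phone": ("reauth", "otp_current_primary_email"),
}


def apply_contact_change(kind: str, proofs: set[str], prior_primary_email: str) -> dict:
    """Commit the change only when every required proof has been collected."""
    missing = [p for p in REQUIRED_PROOFS[kind] if p not in proofs]
    if missing:
        return {"committed": False, "missing": missing, "alert_to": None}
    # Success: alert the prior primary email. No post-change hold is applied.
    return {"committed": True, "missing": [], "alert_to": prior_primary_email}
```

A phone number that is present but unverified clears the checkout gate, while a phone change without the current-email OTP does not commit.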

Once phone is no longer a login method, "verified email OR verified phone" becomes an unstable policy: it mixes service-contact completeness with account-ownership proof. The cleaner model is that email owns identity, phone supports service operations, and checkout only asks for the minimum additional contact data needed for paid support and fulfillment.

  • Product/UX impact:
    • active docs must stop using "verified recoverable contact" as the checkout contract for DOL English,
    • active docs must not describe phone as a login, recovery, or checkout verification factor.
  • Account/security impact:
    • forgot-password and OTP unlock remain email-based,
    • sensitive contact-change flows become explicit and consistent across Account and Register docs.
  • Checkout impact:
    • blocker UI must preserve plan/cycle/context,
    • blocker should support inline phone capture/update and immediate resume after data is complete.
  • Option A: keep "verified email OR verified phone" as checkout minimum (rejected).
  • Option B: require verified phone for paid flows (rejected).
  • Option C: email-only auth, verified email + phone contact for paid checkout, no phone verify (selected).
  • None at blocker level for current DOL English Web V2 scope.

Decision quality check: DEC-0094

  • Score: 12/12
  • Weak dimensions: none
  • Action: promote as canonical auth/contact refinement for DOL English active scope.