Account recovery via SMS

Ory now supports sending account recovery codes via SMS, in addition to email.

This allows users who only have a phone number associated with their account to complete the recovery process. If multiple recovery addresses are configured, users can select the destination (email or phone number) during the flow and change their selection before receiving the code.

This feature supports custom SMS templates, similar to email templates.
It does not support recovery links via SMS, as numeric codes are more secure and align with Ory’s approach.

• This feature is opt-in for existing projects and enabled by default for new projects.

• No changes are visible to users with email-only accounts.

• System administrators must configure an HTTP gateway to send SMS messages.

• New API fields related to this feature are available in the OpenAPI schema.

This update is available on Ory Network, Ory Kratos Enterprise, and will be included in the next Ory Kratos release.