Why not just have the user enter their phone number? You only store a hash of it and only verify whether it is indeed the one they registered with, and use the real one only for the duration of sending an SMS.
Not too secure, as phone numbers are easy to crack (possibly with randomized salt, that even twitter has to “brute force”?), but at least not every entry will be easily readable.
Not too secure, as phone numbers are easy to crack (possibly with randomized salt, that even twitter has to “brute force”?), but at least not every entry will be easily readable.