diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -2205,6 +2205,7 @@
     'PhabricatorAuthContactNumberEditController' => 'applications/auth/controller/contact/PhabricatorAuthContactNumberEditController.php',
     'PhabricatorAuthContactNumberEditEngine' => 'applications/auth/editor/PhabricatorAuthContactNumberEditEngine.php',
     'PhabricatorAuthContactNumberEditor' => 'applications/auth/editor/PhabricatorAuthContactNumberEditor.php',
+    'PhabricatorAuthContactNumberMFAEngine' => 'applications/auth/engine/PhabricatorAuthContactNumberMFAEngine.php',
     'PhabricatorAuthContactNumberNumberTransaction' => 'applications/auth/xaction/PhabricatorAuthContactNumberNumberTransaction.php',
     'PhabricatorAuthContactNumberPHIDType' => 'applications/auth/phid/PhabricatorAuthContactNumberPHIDType.php',
     'PhabricatorAuthContactNumberPrimaryController' => 'applications/auth/controller/contact/PhabricatorAuthContactNumberPrimaryController.php',
@@ -7909,12 +7910,14 @@
       'PhabricatorApplicationTransactionInterface',
       'PhabricatorPolicyInterface',
       'PhabricatorDestructibleInterface',
+      'PhabricatorEditEngineMFAInterface',
     ),
     'PhabricatorAuthContactNumberController' => 'PhabricatorAuthController',
     'PhabricatorAuthContactNumberDisableController' => 'PhabricatorAuthContactNumberController',
     'PhabricatorAuthContactNumberEditController' => 'PhabricatorAuthContactNumberController',
     'PhabricatorAuthContactNumberEditEngine' => 'PhabricatorEditEngine',
     'PhabricatorAuthContactNumberEditor' => 'PhabricatorApplicationTransactionEditor',
+    'PhabricatorAuthContactNumberMFAEngine' => 'PhabricatorEditEngineMFAEngine',
     'PhabricatorAuthContactNumberNumberTransaction' => 'PhabricatorAuthContactNumberTransactionType',
     'PhabricatorAuthContactNumberPHIDType' => 'PhabricatorPHIDType',
     'PhabricatorAuthContactNumberPrimaryController' => 'PhabricatorAuthContactNumberController',
diff --git a/src/applications/auth/controller/contact/PhabricatorAuthContactNumberDisableController.php b/src/applications/auth/controller/contact/PhabricatorAuthContactNumberDisableController.php
--- a/src/applications/auth/controller/contact/PhabricatorAuthContactNumberDisableController.php
+++ b/src/applications/auth/controller/contact/PhabricatorAuthContactNumberDisableController.php
@@ -24,7 +24,7 @@
     $id = $number->getID();
     $cancel_uri = $number->getURI();
 
-    if ($request->isFormPost()) {
+    if ($request->isFormOrHisecPost()) {
       $xactions = array();
 
       if ($is_disable) {
@@ -42,7 +42,8 @@
         ->setActor($viewer)
         ->setContentSourceFromRequest($request)
         ->setContinueOnNoEffect(true)
-        ->setContinueOnMissingFields(true);
+        ->setContinueOnMissingFields(true)
+        ->setCancelURI($cancel_uri);
 
       try {
         $editor->applyTransactions($number, $xactions);
diff --git a/src/applications/auth/controller/contact/PhabricatorAuthContactNumberPrimaryController.php b/src/applications/auth/controller/contact/PhabricatorAuthContactNumberPrimaryController.php
--- a/src/applications/auth/controller/contact/PhabricatorAuthContactNumberPrimaryController.php
+++ b/src/applications/auth/controller/contact/PhabricatorAuthContactNumberPrimaryController.php
@@ -41,7 +41,7 @@
         ->addCancelButton($cancel_uri);
     }
 
-    if ($request->isFormPost()) {
+    if ($request->isFormOrHisecPost()) {
       $xactions = array();
 
       $xactions[] = id(new PhabricatorAuthContactNumberTransaction())
@@ -53,7 +53,8 @@
         ->setActor($viewer)
         ->setContentSourceFromRequest($request)
         ->setContinueOnNoEffect(true)
-        ->setContinueOnMissingFields(true);
+        ->setContinueOnMissingFields(true)
+        ->setCancelURI($cancel_uri);
 
       try {
         $editor->applyTransactions($number, $xactions);
diff --git a/src/applications/auth/engine/PhabricatorAuthContactNumberMFAEngine.php b/src/applications/auth/engine/PhabricatorAuthContactNumberMFAEngine.php
new file mode 100644
--- /dev/null
+++ b/src/applications/auth/engine/PhabricatorAuthContactNumberMFAEngine.php
@@ -0,0 +1,10 @@
+<?php
+
+final class PhabricatorAuthContactNumberMFAEngine
+  extends PhabricatorEditEngineMFAEngine {
+
+  public function shouldTryMFA() {
+    return true;
+  }
+
+}
diff --git a/src/applications/auth/storage/PhabricatorAuthContactNumber.php b/src/applications/auth/storage/PhabricatorAuthContactNumber.php
--- a/src/applications/auth/storage/PhabricatorAuthContactNumber.php
+++ b/src/applications/auth/storage/PhabricatorAuthContactNumber.php
@@ -6,7 +6,8 @@
   implements
     PhabricatorApplicationTransactionInterface,
     PhabricatorPolicyInterface,
-    PhabricatorDestructibleInterface {
+    PhabricatorDestructibleInterface,
+    PhabricatorEditEngineMFAInterface {
 
   protected $objectPHID;
   protected $contactNumber;
@@ -232,4 +233,11 @@
   }
 
 
+/* -(  PhabricatorEditEngineMFAInterface  )---------------------------------- */
+
+
+  public function newEditEngineMFAEngine() {
+    return new PhabricatorAuthContactNumberMFAEngine();
+  }
+
 }
diff --git a/src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php b/src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php
--- a/src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php
+++ b/src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php
@@ -34,6 +34,28 @@
       ->setObject($object);
   }
 
-  abstract public function shouldRequireMFA();
+  /**
+   * Do edits to this object REQUIRE that the user submit MFA?
+   *
+   * This is a strict requirement: users will need to add MFA to their accounts
+   * if they don't already have it.
+   *
+   * @return bool True to strictly require MFA.
+   */
+  public function shouldRequireMFA() {
+    return false;
+  }
+
+  /**
+   * Should edits to this object prompt for MFA if it's available?
+   *
+   * This is advisory: users without MFA on their accounts will be able to
+   * perform edits without being required to add MFA.
+   *
+   * @return bool True to prompt for MFA if available.
+   */
+  public function shouldTryMFA() {
+    return false;
+  }
 
 }
diff --git a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
--- a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
+++ b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
@@ -4916,6 +4916,10 @@
     $require_mfa = $engine->shouldRequireMFA();
 
     if (!$require_mfa) {
+      $try_mfa = $engine->shouldTryMFA();
+      if ($try_mfa) {
+        $this->setShouldRequireMFA(true);
+      }
       return $xactions;
     }