Not everyone has one, not everyone wants one, and not everyone wants to share it if they do.
There are many valid reasons that online service providers request, or even require, your phone number. Most are for your protection (honest!).
But there are scenarios where handing over a phone number isn’t the right thing to do. If so, that rules out using any email providers requiring them.
I have a recommendation.
Become a Patron of Ask Leo! and go ad-free!
Make an email without a phone number
ProtonMail does not require a phone number or personal information and also supports forms of encrypted email for privacy. If needed, you can upgrade to paid tiers. Understand that without a phone number or recovery email, you may lose the account should you forget the password or get hacked.
Why a phone number?
Conspiracy theories aside, online services want your phone number for one simple reason: to be able to confirm your identity should you lose your password. Even if you lose your phone — a very common concern — your number can quickly be moved to a replacement phone, and your ability to confirm your identity remains intact.
I also believe more services are requiring phone numbers as a way to confirm that you’re legitimate and not going to abuse their systems. Email abuse is rampant, and requiring a phone number provides an additional level of accountability. It’s also something that most email abusers don’t want to provide, thus keeping them off the system.
What I don’t believe is the common conspiracy theory that email services want your phone number to track you. There are plenty of ways the big services can track you, if they so desire, without needing your phone number. And, no, I don’t believe we’re being tracked at an individual level anyway. (If you believe we are, then you need to step away from all mobile technology.)
Why not a phone number?
Certainly, if you feel that the service will use your number in some way counter to your interests, you don’t want to provide it. I get that. You need an email service that doesn’t require a phone number.
There are two additional reasons people don’t want to share their phone numbers:
- They need to remain anonymous, for whatever reason.
- They don’t have a phone — or mobile phone, as some systems require.
That last one — the requirement that you have a mobile phone able to receive SMS text messages — is the most common deal-breaker I hear of. Industry assumptions aside, not everyone has a text-enabled phone.
The next most common concern I hear is privacy-related.
Why ProtonMail?
To address both issues, I recommend ProtonMail. Quoting their website:
ProtonMail is incorporated in Switzerland and all our servers are located in Switzerland. This means all user data is protected by strict Swiss privacy laws.
We use end-to-end encryption and zero-access encryption to secure emails. This means even we cannot decrypt and read your emails. As a result, your encrypted emails cannot be shared with third parties.
No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.
Privacy, security, anonymity — and free.1 Seems like a pretty good deal to me.
About that encryption
I want to clarify one important aspect about the encryption that ProtonMail offers.
It’s not really encrypted email.
Truly encrypted email requires the use of decryption software between both the sender and the recipient. Since we can’t control the recipient’s email tools, there’s no way to encrypt an email message and know they’ll be able to securely decrypt it using their email program or interface.
To encrypt an email sent to a non-ProtonMail account, you must first specify that encryption is to be used (it’s off by default) and then supply a password for the message.
The recipient will get a link to your message rather than the message itself.
On clicking “View Secure Message”, they’ll be taken to a ProtonMail webpage where they enter the password to view the message.
You need to provide the password to the recipient by some other means.
Related
Yes, You Should Give Google Your Mobile Number
Google uses your mobile number for verification if you lose access to your account. Some people don't want to provide it. They should.Account recovery
I have to re-emphasize that without a phone number or alternate email address (also optional at ProtonMail), if you lose your account, you lose your account. Period. If you forget your password or your account is somehow hacked (they do support two-factor authentication, again without requiring your phone number), then you have no way to prove you are the rightful account holder, and your account will be lost forever.
Other alternatives
There are a variety of other services that may or may not require a phone number or alternate email address.
Here’s one relatively recent list.
Some services are familiar, and others may have some caveats (if abuse is suspected, they may suddenly require a phone number), but it’s a good list to review should you find that ProtonMail is not for you.
Another other alternative
Finally, there’s one approach I recently became aware of that would allow you to create an account at providers that require a mobile phone number without having your own mobile phone.
These services provide a phone number you can use for a very short period of time to receive an SMS message. You then walk away from that number, but the account that required a phone number thinks you have one.
Important: you will not be able to receive SMS messages from that number in the future. If you ever need to provide additional verification that you are you via a text message, you will not be able to. You may lose access to your account or have a significantly more difficult time regaining access.
Needless to say, I can’t recommend this approach in general, since it sets you up to lose your account in even more situations than not having a phone number configured at all. But it might be an appropriate solution for some, as long as you’re aware of the risks going in.
Do this
Honestly, if you have one and you can bring yourself to do it, I recommend sharing your phone number with your email service provider. It’s an important recovery tool should you ever lose access.
If that’s not for you, then I recommend ProtonMail. And of course, if Proton’s not for you, there are many alternatives.
I also recommend you subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week. (And no phone number is needed.)
Podcast audio
Related Video
And if you’re wondering about trust and reliability, Proton Mail was developed at CERN, the home of the Large Hadron Collider and creator of the World Wide Web, for secure communication between their researchers.
Yep! It’s the lack of a mobile phone that causes me the most trouble. I keep being nagged on various websites to provide a mobile number, which I don’t have. My bank recently forced everyone into two-factor, but at least they let you receive a text or a voice message so you can use either mobile or landline. That I like.
Microsoft on the other hand, wouldn’t let my son into his Microsoft account because Microsoft wanted to confirm his ID by sending a text message and we don’t have a mobile phone. Had to borrow the neighbour’s mobile to get it to work.
“A” solution is… buy a burner phone. An el cheapo old style phone that will send phone calls and get txts. Like an old style Nokia flip phone. Get credit that lasts 12 months or more on a pay as you use plan.
Use that number for notifications by sms texts. Everybody in the household could have use of that phone for the troublesome sms 2 factor confirmation stuff.
Sure, there is a cost, but spread over several people it shouldn’t be onerous. Heck, even for 1 person it wouldn’t be all that much spread over 12 months.
Except that it is an extra cost that doesn’t need to be there. There is no reason why these codes can’t be sent as a voice message. Some services do. Some services send the code to an email address. If sending a code via text message is your only option, then your service is not very good, in my opinion. Too cheap to invest in multiple options to meet the needs of multiple types of customers. I don’t need your service then.
Instead of a burner phone, you can get a Magic Jack. It’s only $35 a year, cheaper than a burner phone. Yesterday, I tried to log into my Bank of America account from Europe and they required phone confirmation. They included a box to check if I preferred a voice call. I ticked it and it worked. I then ticked the box “Remember this device.” Some institutions are starting to get it.
Again, it’s another fee that doesn’t need to be there, when it’s not really any more difficult for these websites to offer the choice of text or voice codes. Unfortuntately, not every website gets that.
Unfortunately, as Mick Jagger said, “You can’t always get what you want” :-(
Unfortunately you don’t always get what you need either. :-(
Have you tried the microsoft authenticator app? I have it on my phone, but I believe it can be used on a computer also.
Another use for ProtonMail is for account recovery. Often when traveling in a different country, you are asked to verify that it is you accessing the account sending a verification SMS test message or email to another account. If your recovery email also requires verification when you travel, you might still remain locked out. ProtonMail is perfect for this as you can log in from anywhere without any lockouts.
I like to think I’m a big privacy guy and there are only a few things that can uniquely tie you to you, your email and your phone. For that reason, I resist giving my phone number to services on the ‘net – I already gave them my email address!
Leo, I’ve never seen you warn readers against using an internet provider’s email service. It sets you up to lose everything if (when) you change providers. As a noob, I used Earthlink’s email until I dumped them in favor of a better IP. To my ugly surprise, Earthlink locked me out and I lost contacts, addresses, and messages forever. Since then I warn everyone about using provider’s email service. This warning bears repeating, don’t you think?
There are pros and cons to be sure. The pro is that they have customer support, and should be able to help you. No idea why you were locked out, but as a paying customer that simply should not happen.
Of more concern: My ISP Went Under; How Do I Recover My Email and Email Address?
Which is why I recommend owning your own domain (like I own askleo.com), and using that for your email addresses. You can run through any provider (I use Gmail), but can switch at a moments notice.
How Do I Keep My Email Address When I Switch ISPs?
He was locked out after he stopped paying. So it’s the same scenario as the article you linked to: My ISP Went Under; How Do I Recover My Email and Email Address?
My first free email provider was Yahoo, as I had lost all of my emails and contacts when I switched ISPs from AOL and I knew I’d not be staying with the same ISP forever. I’ve changed providers a few times but I still have that Yahoo account after 23 years.
Your own domain name is probably the best, but even just using an email client like Thunderbird is not a bad option. You can move emails out of your ISP’s Inbox into a local account on your computer to save them, and the address book is saved on your computer. If you change your ISP, you don’t lose your saved email and you don’t lose your address book. Sure you have to go through notifying everyone to update their address books for your new email, but at least you’ve got the more important stuff.
As you point out you still have to tell everyone your new email address, and you risk losing email from everyone that didn’t get the message (like places you’ve been doing business with). Owning your own domain and having an email address completely under your control solves that. leo@askleo.com will work no matter what, no matter who goes out of business, and no matter how I elect to handle the email.
I agree … it happened to me. My ISP was Verizon; part of my monthly bill was for Yahoo email. I had everything linked to my Yahoo email address. A couple years later when Verizon sold to Frontier, everyone was automatically switched to AOL. During that process no one bothered to mention that it was up to the users to set up forwarding of future emails on thier own and it had to be done beforehand. Once the automated transfer of existing emails was complete we were locked out of Yahoo and couldn’t set up forwarding. And even though we were paying for Yahoo email with Verizon, we had no support beyond FAQ pages and a community of other users for any help needed. Also during that time Yahoo experienced a major hack … we had to learn about this on the news, Yahoo didn’t provide any advice or support.
I have no objection to the phone number requirement BUT I don’t have a cell phone and my phone on the wall doesn’t do text.
That’s why an article like this one had to be written. It’s important to protect people’s accounts from loss and hacking but sometimes the protections go too far.
I’m American and I live in Europe. I use a Magic Jack to receive calls form the US. It also is useful for signing up for email accounts. As I mentioned in another comment here, I used it to get into my banking website yesterday.
I have 4 phone numbers on my cell, all can text too. I use magicjack for my old home phone number and it rings thru an app. Averages about $20/year, much lower than a landline. Google gives you a free number, app too. Hushed is my 4th number, app too, & I actually paid a modest price for lifetime use. All ring, all notify. My cell number is NEVER needed on the internet
I live in Germany and use the Magic Jack app on my cellphone. I got it originally so that people can call me from the US hassle-free. It works perfectly for account verification and I used it just yesterday to log into my bank account.
I bought a Magic Jack a few years ago. I installed the Magic App on my phone as soon as I got it. I never used the physical Magic Jack. Having the app on my phone allows me to use my cell phone anywhere in the world to make and receive calls to and from the US as long as I have an Internet connection.
I am currently in Germany, so I use a Google Voice phone number for accounts which require a phone number for 2F authentication or recovery. Works over wifi (it is a VOIP number). It does require that you have a US number to sign up, because it is only available in the US.
I wonder if requirements vary by country. Often seen this assertion that some providers won’t let you create an account without a phone number, but I was still able to deliberately create additional accounts bypassing the phone number requirement in every case. However, this is followed by regular reminders over the following weeks and months to add security information to the account. (Yes I’ve gone back after a while and added the info to my most important accounts where required).
Glad for your point that “Even if you lose your phone, your number can quickly be moved to its replacement phone”. I’ve seen on another help forum where people lose their account because they lost their phone. I could never understand why their new phone would have a new unfamiliar number.
The scenario that I hear of is that they lost the phone or number a long time ago, and didn’t have a need to port it to a replacement — at least not that they knew of. Then, eventually, they need the old number for their account recovery, and it’s long gone.
The only other scenario that I can think of might be pre-paid, contractless phones, aka “burner” phones. But that’s just a guess, and it would vary based on the provider as well I think.
Yes, you may be correct that the loss was not recent. Makes sense now. I’ve started suggesting to people that your mobile number is becoming like the key to your front door. If you lose it, you can’t get back in to your email accounts, and perhaps some other important sites. I’ve had my number for about 15 years over 5 phones, and don’t intend to change it.
Most if not all websites, allow multiple recovery options. I have a phone number and three recovery email addresses for my accounts. Bank of America only offered to send the recovery code to my phone but they support landlines with automated voice support.
Um, proton mail DOES require a phone number.
They didn’t when I set it up.
Not true. I just opened an account with ProtonMail and it didn’t even have an option to add a phone number. That would defeat their purpose of offering privacy. I correspond with people on ProtonMail who are paranoid about having a cell phone.
What many people don’t understand is there is a generation of people that are computer illiterate. I was fortunate that my job introduced me to computers in Dec 1980. Many factory workers didn’t require the use of a computer, some only slid an ID badge. Now there in their 60’s or 70’s and are finally being introduced to technology so they can survive in today’s world. It’s just very confusing for many and they’re struggling to learn. I try to help who I can but it’s difficult for them to understand, so be patient when asked for help.
A key issue I kept reading in the article is Recovery of a Locked Out account. While a phone may be required just to get thru the new account application process, you can set up other email service accounts as recovery accounts for this new email. They can back each other up. Of course I also recommend at least 2 versions of 2FA and printing off any one time use backup codes if they are available.
I deduced from the comments that Magic Jack works in Europe. Good to know. One comment said that Google Voice works in Europe but it is not available there. I’d asked Dutch relatives about using Google Voice in Netherlands and they didn’t know what I was talking about. I think that means you can’t GET a Google Voice number from Europe but it does work there is you have one. Anyone want to correct me on that? It’s kind of a major trip just to check if I can make a Voice call from Amsterdam.
I live in Germany. I use Magic Jack to call my family and businesses I deal in the US. It works well.
Here is a link to Wikipedia that tells about Google Voice. According to this, it should work in the Netherlands.
https://en.wikipedia.org/wiki/Google_Voice