Your mobile number is used for your protection, and you may be very sorry if you don't.
In one of my more important articles -- A One-Step Way to Lose Your Account Forever -- I discuss the sad reality that accounts are frequently lost because people fail to set up recovery information or keep that recovery information current.
In most cases, it's a simple oversight with disastrous results. One day, your account gets compromised somehow, and you have no way to prove you are the legitimate owner. Without that proof (in the form of recovery information used to verify your identity), your account is no longer your account. Period. Forever.
Sometimes, however, there's a much more frustrating reason people fail to provide recovery information -- in particular, their phone number.
Become a Patron of Ask Leo! and go ad-free!
Why a phone number?
The reason email service providers want your phone number is very simple: When (not if) you have trouble logging into your account, that phone number can be used to verify that you are who you say you are.
Your phone number is one small part of your identity. As long as you maintain that number in working order, it's how the people you share it with reach you. Even if you lose your phone, that number can be reassigned to your replacement phone by your carrier.
If an online service needs you to prove that you're the account owner and you have the right to log in to that account, even if the password doesn't seem to be working, that phone number you gave them when you set up the account is the proof they use.1 They text you a code. Your ability to provide that code when asked proves you have the phone at that number.
It proves you are who you say you are.
It proves you should be allowed access to the account with which you associated that phone number.
The fear: tracking via your mobile number
Google will not use your mobile phone number to spy, track, or otherwise compromise your privacy.
They just won't.2
Some people are convinced that if they hand over their phone number, all of a sudden Google is going to do exactly that and probably more evil things they can't even think of.
They fear Google more than they fear losing their account.
I don't get it. I really don't get it. If you fear Google that much, then why have a Google account at all? Why aren't you concerned about the tracking inherent in your Android phone or the Google account itself?
Or why have a Google account that is in any way "important" to you? (If you honestly don't care if an account gets compromised, then recovery information like a phone number is immaterial -- but in my experience, you'll care.)
Not everyone has a mobile number
There's one valid reason not to give Google your mobile number: if you don't have a mobile phone. Google, at least, seems to assume that everyone does, and that's not true. (Not to mention that SMS may not be available at all times, such as when traveling.)
It's frustrating because many systems (such as Google's two-factor authentication) use non-SMS-capable phone lines to provide a code at recovery time via automated voice. Why this is not currently available for alternate account verification, I have no idea.
They could also do a better job explaining why they ask for a number in the first place, including how and when that number would be used.
Do this
I keep saying "when, not if" you run into account access problems because it happens to all of us for a variety of reasons. It's just a matter of time. Without alternate access information, you stand a chance of losing your account forever.
If you have a mobile number, add it to your account.
If you have an alternate email address, add it to your account.
If there is additional information requested that could be used to prove your identity to recover your account, add it to your account.
Someday, you'll be very, very glad you did.
I'm betting you'll also be glad if you subscribe to Confident Computing! It's my weekly newsletter sharing less frustration and more confidence, solutions, answers, and tips in your inbox every week.
For the first time Google is now asking for my phone number to validate me. Not my recovery email, mind you, my phone number. Ya know – I don’t trust them. Not even the feds want my phone number to access my social security or passport info. Just another way for Google to sell me. So I’m going to go with the consensus – F*ck Google. I need a new phone anyway – iphone/apple hear I come – and ditching the Google life.
So you’re OK with Apple having your phone number then (not everyone is). Cool. As long as you set up proper account recovery information and keep it up to date so that when something happens you’ll be able to recover.
yes 2020 recovery email is not enough for real they want your number and not for security reasons thats for sure it must be like gold to them data collectors hard to trust google anymore
And what about “sim swap attack”?
Is giving phone number to Google a real protection of account?
Don’t give more information than you have to.
Giving Google your phone # allows you to recover your account. If you’re OK with not having that protection and possibly losing your account, then fine.
OH MY GOD !!!!!
HELL NO!!!!
After all the DAILY news about hacks, data breaches, etc. YOU’RE an idiot if give any of your personal information to any online business these days !!!!!!!!
Most of those articles on devastating hacks are overblown sensationalist clickbait.
Leo wrote a tip about that:
“Tip of the Day: Headlines Are Written to Make You Click. …Some call it clickbait, others call it marketing, I call it misleading and frustrating.”
The One Thing Every Non-technical Person Needs to Know
Needless to day I disagree.
>Google will not use your mobile phone number to spy, track, or otherwise compromise your privacy.
sure they don’t…
>Google sued by New Mexico over claims it spies on US students
https://www.bbc.com/news/world-us-canada-51591420
Be sure to report back with the eventual outcome of the suit. Being sued is not being guilty.
I’ve never add to recover my account but I but wouldn’t adding your phone make you more susceptible to sim-swap attacks? Would having an app based 2FA on your account mitigate that? Is it really as simple as getting a code by sms? I can’t imagine that with 2FA enabled it would be that simple to recover your account but I can’t seem to find much info about that. Also, I know this is an older article but I saw Mark mentioned adding several recovery address. I can only add one. Am I missing something or did it change since.
Some accounts allow several alternate addresses; others allow only one.
App-based 2FA is better than SMS, but SMS 2FA is better than no 2FA at all.
I just got a letter from my bank saying that they are now allowing users to choose whether to use the app or SMS text. A year ago, they stopped using SMS as a second factor and insisted on the app, but now they’ve made the app optional. My guess is that they wanted to make online banking available to people without smart phones.
The app is actually 3 factor; you not only need to prove the account is yours via owning the phone but then you have to log into the app with an app password or fingerprint.
Google requires a phone number because it’s either convenient or useful to them, not because it’s of value to you. It may not (although it may very well) be malevolent in either goal or use, but it’s not for your benefit, it’s for theirs.
Someone asked to use my phone # for google voice on her PC so we could talk back and forth, she just needed the code sent to me. My question, is this safe to give this person the code so we can talk.
It will give this person the ability to impersonate your mobile number. Is that what you want? Do you trust ’em? There are many other ways to talk.
Too many companies now require mobile numbers just to sign up. Our family recently bought a new wireless router that, just to access the control panel via URL, required us to give them our mobile number AND sign a privacy policy. We returned it and went with a hard-connected security router.
Today, we needed to interact with the support team for a service we bought. They instructed us to reach out to them via Discord. We tried to sign up but need a mobile number. We canceled our service.
We’d been shopping without a hitch on Ebay for many years. To use Paypal to manage payments, you guessed it, we needed to give them our mobile number. So we stopped using Paypal & are now supporting smaller online sellers that respect our family’s privacy prerogatives.
We’ve had the same Gmail account for about 20 years since the company started. No problem at all ever. We (husband/wife) have linked our accounts together in case there’s any problem. Now Google, too, needs our mobile number? There are far too many privacy-respecting email services available to feel obliged to divulge our phone numbers to Google. Hello Proton Mail.
We’ve discovered the one sure-fire way of getting spammed to oblivion is to share our email addresses or phone numbers with companies. No matter what they promise, eventually we get spammed. How did we stop this? By never giving out our real email addresses and by never sharing our mobile numbers.
Mobile numbers aren’t passports. They aren’t national ID’s. We shouldn’t be obligated to divulge personal, private data to corporations that have proven time and again that they’ll gladly prioritize their own interests far above those of consumers or the general community. So if a business “needs” our mobile number, that’s a business our family doesn’t need.
I’ve had the same email account for 35 years, and aside from the times the server was down, have never once had a problem accessing the account.
“You’re not that interesting” is an anti-intellectual gaslighting technique.
No, we’re not that interesting, the myriad entities that want our personal info are not interested in observing us for entertainment, they want our info because they think they can make money with it, either by selling it, showing us ads, telemarketing, scamming, etc.
That we don’t need to fear privacy invasion because we aren’t interesting is an old manipulative canard offered up by scammers themselves.
“What, you care about your privacy? Who do you think you are, a celebrity? C’mon hand it over, nobody cares about you!”
If we’re not that interesting, stop asking as so much about our private details.
That way we won’t have to bore you with our oh-so-mundane details. Problem solved for everyone.
By the way, would you care to enlighten us how a phone number serves the interest of security when ANY phone number can be used? How does Google know that it is your number? Google doesn’t confirm that it belongs to you. Google support even tells phone-less people to use a friend’s cellphone. Oh yeah, it’s about security. A scammer can just use a burner phone to confirm.
It makes zero sense from a security standpoint, and the only reason that stands up to actual logic is that they want it for data mining.
Not that Google mines data, of course. After all, we’re all so uninteresting they wouldn’t possibly care about our boring details. I mean, who do these “privacy” people think they are anyway? A bunch of narcissists if you ask me!
To be clear, you as an individual, are not that interesting. Data collected from masses of individuals, of course, is extremely valuable.
Google confirms the phone number by texting a code, in the usual manner. You have to prove you have access to it before they’ll associate it with your account.
Never been accused of gaslighting before. That’s new. I fear the term is starting to be overused.
If what Leo wrote in the article weren’t true and was for the purpose of misleading people, it would have been gaslighting. Since what Leo is saying is true, it’s not gaslighting.
“Gaslighting is a colloquialism, loosely defined as manipulating someone so as to make them question their own reality.” – Wikipedia
If we ever find out that Google, Microsoft, or other website is misusing date, we won’t hesitate to warn people.
So, New Mexico settled its lawsuit with Google and they have paid MILLIONS to the state. This article has neither aged well nor has its author updated it when he snarked about “report back the results of the lawsuit.”
https://www.krqe.com/news/politics-government/state-settles-lawsuit-with-google-over-childrens-privacy-online/
Google wants your phone number for one reason and one reason only — to sell it to marketers so you can get more spam calls. PERIOD. I recently had to recover a gmail account I haven’t used in a while. Despite having both the password AND a recovery email (and supplying the code sent to the recovery email), Google STILL INSISTED ON A NEW PHONE NUMBER THAT HAD NEVER BEEN ASSOCIATED WITH THAT ACCOUNT. Now you tell me how adding a phone number — again, that had NEVER been associated with that account — in ANY WAY protected it from being taken over. You can’t. Google wants those numbers to sell them.
Google isn’t the only company that asks for a phone number for recovery purposes. Microsoft is another, and I’m sure there are others as well.
In today’s world, information can be gathered just by going about one’s business. How many times does one get asked for for more than just a phone number when shopping online? Once a purchase is made, that data gets recorded and is used to compile mailing lists that get sold back and forth between all sorts of brokers for who knows what reasons.
I spent over twenty years driving trucks in all 48 states. As trucking companies started using satellite communications systems, I heard many drivers complain about being tracked, not realizing that every time they stopped to fuel, paid a toll or restaurant bill, they were leaving footprints.
My point is that worrying about who is collecting what is a waste of time and energy. A better course of action is to make it harder for someone to use that data by taking time to lock down accounts using strong passwords, using MFA when available, and setting up recovery methods for if and when something happens.
As for telemarketing calls, take time to learn the features on your smartphone and how to block them. I know it is possible with an Android (Google) phone and likely the same with iPhones.
You may not be that interesting, but I am.
I live in a country which will remain unnamed, but where, despite it being officially a democracy, you can go to jail (or have your life ruined) if you say the wrong things on the Internet (or even within the sanctuary of your home), despite them being true.
Incidentally, you, Leo, also live in such a country.
So of course I won’t give my phone number to Google. It’s not Google I’m afraid of : it’s the police requesting information from Google.
Loosing my Google account(s) ? Yes, that would be annoying. Although the only way it could reasonably happen is by Google locking me out by some algorithm decision, not by hackers getting into it. My security is good enough.
But it would be far more annoying if I were dragged to court. The decision is easy to make.
One of my cell numbers I’ve had for 3 years and have been very careful about not giving it out. With exception of the couple family members I’ve shared the number with I received no incoming calls. Yesterday I was forced to use one of googles services for business reasons and set up a google account where I included this particular phone number for recovery. Today I started getting unwanted calls. I checked with the two family members who had my phone number andwithout a doubt google is the source of my info leaking and my frustration over harassment
Thought you should know after reading your articles
claims