Why does Google want me to associate my mobile number with my Gmail account?

[scruffypig]

I want to know why Google keeps wanting me to associate a mobile phone number to my Gmail account? I know this is slightly off topic, but I gave them an alternative email to use for 2 factor authentication when I set up 2 factor authentication years ago. Now Google says that second alternative email is not good enough and I must use a phone number so they can send a SMS text with their authentication code. The point is, I don’t trust Google at all.

 

[imwjl]

I want to know why Google keeps wanting me to associate a mobile phone number to my Gmail account? I know this is slightly off topic, but I gave them an alternative email to use for 2 factor authentication when I set up 2 factor authentication years ago. Now Google says that second alternative email is not good enough and I must use a phone number so they can send a SMS text with their authentication code. The point is, I don’t trust Google at all.

Minus something like an authenticator app or Microsoft's passwordless initiative, a phone number is a completely different system and infrastructure than another email address. I've seen my users who've been compromised have all their email accounts compromised. Thus, the phone number is a good way to accomplish the goal.

If you don't trust Google you can count on another major platform such as Apple & Microsoft. The Microsoft now is not the Microsoft of many stereotypes. Depending on your needs, you might find or appreciate Microsoft having more and more powerful apps than Google and Apple.

Full disclosure: I own Alphabet, Apple & Microsoft stock and use all of their products. I pay modest amounts for services that make my use more private. Just having a cellular account, car with modern safety systems, banking, shopping and tax filing take away a lot of privacy.

 

[Annie_M]

My husband and I have been discussing your question. While we have no answers, we both agree that it’s definitely compelling! My initial reaction is cynical- I don’t really trust Google and would not share my mobile number, nor would my husband. He says he would want to know how he would benefit from sharing his number. Cynically, I would guess that we would possibly get targeted spam. My privacy is not worth that!

 

[scruffypig]

I appreciate the input from all. Let me explain my frustration and mistrust. When I set up my Gmail account many years ago, Google wasn’t using 2 factor authentication. When Google introduced 2 factor authentication, I opted to use an alternative email for 2 factor authentication and “recovery email” because of phone number privacy and because I didn’t have unlimited Text messaging. I was also planning on switching phone companies at some point and wasn’t really sure that I would be keeping my phone number, I was also moving to a different area code and wanted a new phone number to reflect that too. I knew my trusty alternative email would always be at my side.

I recently bought a new MacBook and migrated all my emails over to it. I used iCloud backup. All my email accounts set up fine except for my Gmail account. Google prompted that my device was not recognized. When I followed Google’s instruction to login from a web browser, I entered my email and password. I was prompted to verify myself using my recovery email to receive my verification code, as expected. I enter my recovery email address. Google then immediately prompted me to enter a phone number instead to receive a verification code, “Verify it's you This device isn't recognized. For your security, Google wants to make sure it's really you.”
When I click on “try another way” it takes me right back to entering in a phone number. I did get an email at my recovery email alerting me that someone was trying to access my Gmail account. A phone number hardly verifies it is really me.

I feel this isn’t secure at all. Anyone trying to hack my email could enter their own phone number, get a verification code and hijack my Google account. Google didn’t give me any trouble when I upgraded my iPhone the last 3 times. No trouble at all. No prompting of unrecognized device.

 

[anon(50597)]

I appreciate the input from all. Let me explain my frustration and mistrust. When I set up my Gmail account many years ago, Google wasn’t using 2 factor authentication. When Google introduced 2 factor authentication, I opted to use an alternative email for 2 factor authentication and “recovery email” because of phone number privacy and because I didn’t have unlimited Text messaging. I was also planning on switching phone companies at some point and wasn’t really sure that I would be keeping my phone number, I was also moving to a different area code and wanted a new phone number to reflect that too. I knew my trusty alternative email would always be at my side.

I recently bought a new MacBook and migrated all my emails over to it. I used iCloud backup. All my email accounts set up fine except for my Gmail account. Google prompted that my device was not recognized. When I followed Google’s instruction to login from a web browser, I entered my email and password. I was prompted to verify myself using my recovery email to receive my verification code, as expected. I enter my recovery email address. Google then immediately prompted me to enter a phone number instead to receive a verification code, “Verify it's you This device isn't recognized. For your security, Google wants to make sure it's really you.”
When I click on “try another way” it takes me right back to entering in a phone number. I did get an email at my recovery email alerting me that someone was trying to access my Gmail account. A phone number hardly verifies it is really me.

I feel this isn’t secure at all. Anyone trying to hack my email could enter their own phone number, get a verification code and hijack my Google account. Google didn’t give me any trouble when I upgraded my iPhone the last 3 times. No trouble at all. No prompting of unrecognized device.

You can only enter the phone number connected to the account to gain access.

 

[Ed7789]

To add on what people previously explained, if you don’t feel like giving Google your email address, you can use Time-based One-Time Password (TOTP). This is more secure than a recovery email or phone validation.

They’re 6 digit passwords that are generated on your phone and good only for 30-60 seconds.

Also, they don’t involve any Internet communication between the token app and the website. And as some mentioned, you don’t have to use Google’s token app, there are other alternatives as well.

 

[imwjl]

I appreciate the input from all. Let me explain my frustration and mistrust. When I set up my Gmail account many years ago, Google wasn’t using 2 factor authentication. When Google introduced 2 factor authentication, I opted to use an alternative email for 2 factor authentication and “recovery email” because of phone number privacy and because I didn’t have unlimited Text messaging. I was also planning on switching phone companies at some point and wasn’t really sure that I would be keeping my phone number, I was also moving to a different area code and wanted a new phone number to reflect that too. I knew my trusty alternative email would always be at my side.

I recently bought a new MacBook and migrated all my emails over to it. I used iCloud backup. All my email accounts set up fine except for my Gmail account. Google prompted that my device was not recognized. When I followed Google’s instruction to login from a web browser, I entered my email and password. I was prompted to verify myself using my recovery email to receive my verification code, as expected. I enter my recovery email address. Google then immediately prompted me to enter a phone number instead to receive a verification code, “Verify it's you This device isn't recognized. For your security, Google wants to make sure it's really you.”
When I click on “try another way” it takes me right back to entering in a phone number. I did get an email at my recovery email alerting me that someone was trying to access my Gmail account. A phone number hardly verifies it is really me.

I feel this isn’t secure at all. Anyone trying to hack my email could enter their own phone number, get a verification code and hijack my Google account. Google didn’t give me any trouble when I upgraded my iPhone the last 3 times. No trouble at all. No prompting of unrecognized device.

You can feel all you want but your feelings are not everyone's or InfoSec best practices. I'm an enterprise admin. We have close to 1000 employees. All of them use the Internet for the HR system and pay stubs. Whether their own personal or corporate email, compromised mail accounts are a thing that comes up. I've only ever had to deal with one employee who got her cellular phone account and phone compromised. The person who got their phone account compromised was a foolish person who fought with me about best practices.

Why does Google ask you that? Because they know what's best here. I suggest you use your phone number or an authenticator app.

 

[scruffypig]

You can feel all you want but your feelings are not everyone's or InfoSec best practices. I'm an enterprise admin. We have close to 1000 employees. All of them use the Internet for the HR system and pay stubs. Whether their own personal or corporate email, compromised mail accounts are a thing that comes up. I've only ever had to deal with one employee who got her cellular phone account and phone compromised. The person who got their phone account compromised was a foolish person who fought with me about best practices.

Why does Google ask you that? Because they know what's best here. I suggest you use your phone number or an authenticator app.

Understood. I do have a few Authenticator apps. I will give those a shot. If that doesn’t work, I will migrate totally away from Google. It is just one email that I used for spam mail.

Thanks everyone for the input. It is much appreciated.