Secondary e-mail address, security questions, recovery key, physical key fob - from the top of my head. Better or worse, the point is - it doesn’t have to be a phone number.
It’s asking for a secondary email address or phone number. Security questions are insecure and probably the worst reset methode there is. Most users don’t even know what a security key is so it’s pretty pointless to mention it if only like 1% are actually using it and it could cause more confusion than it helps.
Edit: apparently it actually does ask for both. But it’s not even mandatory. Its just a warning
The only other options I can consider are government-issued ID verification, a bank validation process (a fast transfer to confirm identity), or the use of a debit/credit card.
All of the above alternatives involve significantly more intrusion than requesting a phone number.
Agreed, or a burner alternate email. If Google didn’t give any option other than phone number maybe we could make a case of ill intent.
I think the main driver here isn’t that they want your phone (although they’re happy to have it, I’m sure), but they don’t want the tech support headache of manually verifying and unlocking accounts for tons of people.
Especially when they already have access to your entire email history. If they wanted your phone number for nefarious means it will probably be somewhere in that history already. Your email already requires complete trust in the email provider service, there’s so much more sensitive stuff they already have access to.
Having your phone number means that whenever you get a new Android phone they will instantly know who you are even if you don’t use the same Google account on that phone, or even if you never use any Google account. How does that sound?
Phone books don’t show mobile numbers. In Europe at least mobile registries are private and subject to restrictions. Phone numbers are considered personal identification information under privacy laws, because portability regulations have made it possible for people to carry the same number for most of their lives.
Heck, I’m not sure phone books are still a thing over here, but if they still exist they’re not allowed to show numbers for private individuals.
A few years ago there were websites that maintained phone number databases and would let you search who owns a number but GDPR stopped them cold.
Well the alternative to having to recover your account is to prevent you losing access to it which usually comes in the form of 2FA or MFA.
If you’re so protective of your personal information that you don’t want to hand over your phone number then you should be taking steps to secure your account.
Can you describe some alternatives to a recovery phone or email? Honest question.
Secondary e-mail address, security questions, recovery key, physical key fob - from the top of my head. Better or worse, the point is - it doesn’t have to be a phone number.
It’s asking for a secondary email address or phone number. Security questions are insecure and probably the worst reset methode there is. Most users don’t even know what a security key is so it’s pretty pointless to mention it if only like 1% are actually using it and it could cause more confusion than it helps.
Edit: apparently it actually does ask for both. But it’s not even mandatory. Its just a warning
I’m curious about their perspectives too.
The only other options I can consider are government-issued ID verification, a bank validation process (a fast transfer to confirm identity), or the use of a debit/credit card.
All of the above alternatives involve significantly more intrusion than requesting a phone number.
Agreed, or a burner alternate email. If Google didn’t give any option other than phone number maybe we could make a case of ill intent.
I think the main driver here isn’t that they want your phone (although they’re happy to have it, I’m sure), but they don’t want the tech support headache of manually verifying and unlocking accounts for tons of people.
Especially when they already have access to your entire email history. If they wanted your phone number for nefarious means it will probably be somewhere in that history already. Your email already requires complete trust in the email provider service, there’s so much more sensitive stuff they already have access to.
Having your phone number means that whenever you get a new Android phone they will instantly know who you are even if you don’t use the same Google account on that phone, or even if you never use any Google account. How does that sound?
There’s also this thing called a phone book which has almost everyone and their number in it. Phone numbers are not sensitive information, period.
Phone books don’t show mobile numbers. In Europe at least mobile registries are private and subject to restrictions. Phone numbers are considered personal identification information under privacy laws, because portability regulations have made it possible for people to carry the same number for most of their lives.
Heck, I’m not sure phone books are still a thing over here, but if they still exist they’re not allowed to show numbers for private individuals.
A few years ago there were websites that maintained phone number databases and would let you search who owns a number but GDPR stopped them cold.
Well the alternative to having to recover your account is to prevent you losing access to it which usually comes in the form of 2FA or MFA.
If you’re so protective of your personal information that you don’t want to hand over your phone number then you should be taking steps to secure your account.
Or don’t use Gmail.
But most users don’t have OTP or FIDO.