If Google are requesting your phone number it might just be a very good idea to hand it over, Why? It is a proactive measure, an account recovery phone number to be precise. Most account hijack attempts involve automated bots that leverage access to password breach databases, breaches that have happened elsewhere than Google.
Google reckons it protects its users from hundreds of thousands of these account hijacking attempts every day. The new research revealed that by adding a recovery phone number to your account, 100% of automated bots and 99% of bulk phishing attacks can be stopped dead in their tracks. Even the more sophisticated use of targeted attacks were thwarted 90% of the time by this simple tactic.
It’s all to do with layering your defenses, and Google provides an automatic proactive layer for every user. When any suspicious sign-in attempt to your account is identified, and that red flag could be triggered by the use of a new device or even a device in a new location, then Google asks for some proof that it’s you who is wanting to login. Device-based challenges are key to this, with both SMS code delivery and the more secure on-device prompting alternative delivering high levels of protection. Assuming, that is, you’ve handed over that recovery phone number in the first place. Without it, Google will take the fallback option of knowledge-based challenges such as a question about your last sign-in location. However, these work OK for the bot attacks but are dramatically less successful in seeing off the phishing threat: protection rates against phishing can drop off to just 10%.
Google itself, as the experts creating and deploying the technology, the recovery phone number is a simple step that everyone can take to improve their level of personal protection from online attacks. It is like putting on your seatbelt when you ride in a car: it drastically improves your safety when you use it.
Set up a recovery phone number or email address, and keep it updated.
The majority of people surveyed said they have either a secondary email address (87 percent) or mobile device (73 percent) set for account recovery and security purposes—and that’s great.
For many web services, your Google Account included, having a recovery method can help alert you if there’s suspicious activity on your account or if you need to block someone from using your account without permission. And of course, adding recovery information to your account can help you get back in more quickly if you ever lose access or can’t sign in.
To set up recovery information, visit your Google account´s Security section and scroll down to “Ways we can verify it’s you.”
information from Forbes.com
