We hear lots of stories of people getting hacked or getting duped into giving out personal information but despite their growing regularity, few take action to protect their online identities. Many presume it’s not going to happen to them until it does. Some consider the setup a hassle while others find entering a PIN code in addition to a password too inconvenient. Google’s latest study, however, reveals that even just adding your phone number as a recovery method for your Google Account is enough to block majority of hacking and phishing attempts.
Despite the name, that phone number can be used for more than just regaining control of your account in case you’ve been locked out. In Google’s case it can also be used for two-factor authentication (2FA) to confirm your identity. That can happen via SMS or a more secure method of on-device prompts.
There’s no denying that reaching for your phone to verify a login can take more than a few seconds but Google is hoping the numbers can speak for themselves. All in all, Google says that an Account that is secured with a recovery phone number can block 100% of automated bots, 99% of bulk phishing attempts, and 66% of targeted attacks. Having a “secret question” also works for the first, but it falls apart in phishing and targeted attacks.
That said, Google also admits it’s not a panacea, which is why it hasn’t made having a recovery phone number mandatory for all Google accounts. In addition to the friction of setting it up, it also, ironically, increases the risk of being locked out of your account when you don’t have your phone with you or have forgotten your secondary recovery email. But, just like wearing a seat belt, Google argues is that all it takes is a few minutes to set things in order.
Google does make a convincing case for Google Accounts but it shouldn’t be taken as a general truth for all other online accounts. 2FA is, indeed, good to have, especially if paired with an authenticator app. But, just as Facebook has recently proven, some could also take that phone number and use it for purposes other than protecting you.