Why Websites and Apps Ask for Your Phone Number and Why It’s OK

When you’re anxious to try out a new app for the first time, it can be pretty vexing when you’re unable to register for an account unless you provide your phone number. After all, your phone number is privileged, private information; the last thing you want is for it to end up in yet another database.

You might be thinking that the only reason this app is asking for your phone number is to use it for malicious or selfish purposes. But the truth is that responsible companies are actually using phone numbers to help keep your information—and all customer/user information—secure.

Why Does This App Need My Phone Number?

A phone number is an essential part of the two-factor authentication (2FA) process, which is a security feature that helps confirm your identity when a suspicious attempt is made to access your account.  2FA is best implemented through use of an end-user’s unique mobile phone number, as opposed to email or “question” based versions. Whereas an email address is relatively easy to hack into and security questions can be easily solved, a phone number is much more difficult to fraudulently use or access. What’s more, now that people can keep their phone numbers regardless of where they live or which cell phone carrier they use, a phone number “stays” with a person much longer than an email address. In fact, TeleSign’s 2015 Consumer Account Security Report found that 1 in 4 consumers wouldn’t change their mobile numbers for any amount of money and almost 6 in 10 people haven’t changed their phone number in the past five years.

How Is My Phone Number Used in Two-Factor Authentication?

An example of how your phone number is used in the two-factor authentication process is when you reset your password for an online account. When you are required to enter a one-time passcode (OTP) that was sent to your mobile device via SMS, voice or push notification, you are verifying that you are the person requesting the password change. The OTP is a second form of authentication (the first being your username or username/password). When you correctly enter the code and are able to continue with the password reset, that process is two factor authentication. The simple act of receiving and entering the OTP signifies you are in fact, you, because only you have access to the mobile device that the code was sent to.  It’s a quick and easy way for companies to ensure that your information stays secure and out of the hands of cybercriminals.

What Can a Company Do With My Number?

While it’s possible that some companies asking for your number might pass it on to marketers, thanks to regulations from the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC), it’s increasingly difficult for them to get in touch with you. Since 2009, for example, it’s been illegal for marketers to contact people via autodialers without your prior consent.

Here are a few tips to help you determine whether you’re giving your number to a reputable company:

  • Consider withholding your telephone number if the app in question has a low rating or bad reviews.
  • Conduct additional research if you notice the app has just a few hundred downloads. While it is possible that the app is brand new, it’s also possible that the app has a bad reputation.

Generally, companies are simply using your phone number to protect you. Once they have your unique mobile phone number tied to your account, they can use it throughout the lifetime of that account to confirm your identity. Our phone numbers are the ideal “trust anchor” for making sure it’s really us accessing our accounts or making high value transactions.

It’s an increasingly dangerous world online these days. It’s always a good idea to have an extra layer of security.