Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

As noted in the parent, in the given scenario the phone number provides absolutely no improvement in security or verification that the person who enters the phone number is actually the owner of the account. At best, granting Google the benefit of the doubt, it is security theater.

So, since it isn't effective for its stated purpose, are there other reasons it could be in place?



It's not security theater, they don't verify whose phone number is provided. Whatever number they get is used to unlock the account.


That's what would make it "security theater" as opposed to "security".




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: