[zbuf]

I have the same when logging in to my Google account provided by my employer. I don't have 2FA set up, so they have no prior knowledge of my phone number.

I'd also like to understand how this is possibly useful?

In my case I was travelling, so had no option but to enter the number of the nearest available random person willing to lend me a phone for the purpose, with no idea what it would be used for.

It is cynical to suggest it's to boost their network of connected phone numbers, but I can't think of a better explanation?

[hirsin]

What you're describing is a "cost proof" - namely that the user has something we can verify that costs some amount of money and is unique. So when the service I work on asks for a phone number verification, it's not always to determine your ID - it's to cut down on spam from users unwilling/unable to set up tens or hundreds of phone numbers, which I imagine is the majority of spammers.

Adding it to existing accounts, though, makes less sense to me. Retroactively checking that an active account can cost proof seems like the most intrusive way of doing this, particularly as part of OS login - at this point you have so many signals that you should already be able to detect the user is a spammer or not.

[userbinator]

it's to cut down on spam from users unwilling/unable to set up tens or hundreds of phone numbers, which I imagine is the majority of spammers.

If anything I think it's the opposite --- dedicated spammers have shown they can farm resources like accounts of various types, so phone numbers aren't out of their reach. It's the casual users who don't want to give away their phone numbers or setup a throwaway one which will be turned away.

[hirsin]

Cost proof doesn't cut in for those users - it's typically only put in on the Nth new signup within X hours from an IP address.

[comboy]

When logging in on hardware that they provided, the cost proof should be solved (if you are only using one or a few accounts). Chromebook could come with a private key and sign a message for google, they control both hardware and software.

[peterwwillis]

This is the reason for the verification, and I'm surprised nobody mentioned it yet. When you sign up for a new account they also require a phone number. It provides a basic measure of accountability and a bot prevention mechanism.

They're doing it on Chromebooks because you're using Google's services. A Chromebook is just a Google Cloud Computer; users aren't expected to use one without using Google's services too.

[zbuf]

Then it also seems especially odd to do this on a paid-for G Suite account.