[lnxg33k1]

Yeah I am sure too, my last company used google apps and I didn't want to use my personal number for google, but they forced me to insert a number in order to use 2FA, so I had to ask for a work SIM just so that google would STFU, it was said to be a backup method for google authenticator, f*uck google

Companies using google apps, keep in mind, you pay money for a service but if there's google involved, you're still a product, just avoid it

[kevin_thibedeau]

Microsoft plays the same games with their authenticator app.

[tatersolid]

No they don’t. I run an M365/Azure shop and not a single user out of hundreds has given their mobile number to Microsoft.

My personal consumer MSFT/Xbox account also has no mobile number attached.

[kevin_thibedeau]

Yes they do when your M365 using employer insists that you have to use the authenticator app on your personal phone and won't provide an alternative option.

[tatersolid]

At no point during setup does Microsoft Authenticator app collect your mobile number. That is in fact the whole point of the app: SMS is insecure for 2FA so collecting a mobile number makes no sense.

Most of our people including myself choose to enroll a personal phone rather than carry two devices, and somehow none of these hundreds of people ever provided their mobile numbers to Microsoft. I think you are mis-remembering the setup experience, or your employer chose to enable some non-default options that uses SMS as a backup option to the app.

[kevin_thibedeau]

Prior to Android 11 no permission was required to retrieve a phone number via the API.

[goatsi]

Do you have evidence from the apk that phone numbers were being retrieved?

[no_time]

So far all the services that required MS authenticator for me turned out to be perfectly fine standard TOTP.

[lnxg33k1]

Let’s avoid Microsoft too?