They require verification to access the more capable models through their API. It's not required for "consumer" usage, which also includes things like the Codex CLI authenticated via oAuth.
It can trigger it's self, when it decides it needs to try lots of different options to get clicks into an installer running as admin. There's basically nothing you can do to prevent it.