FWIW - I always use 2 factor authentication (TFA) or Multi-Factor Authentication (MFA), as security for my accounts.
Background: I'm of Indian origin - my parents moved to the states decades ago, and I was born here in the states, but I'm still Indian.
I made a google account with my real name and information a long, long time ago - and I've added services and such that I use regularly from Google. I'm well entrenched in the Google ecosystem.
Someone in India with the same first and middle initial and last name has been signing up for services throughout India that I never use and never plan to use. At first I marked the emails spam, because some sites actually verify an email address entered to sign up for a service, some do not. But when when I started receiving bank statements from not one but 3 different banks, I became enraged, and contacted the various banks and explained the situation to each of them.
Not too long after, I noticed that someone was trying to get my password on my account reset. I said "Enough" and started employing stronger 2 factor authentication. At first I used my phone, but after these more recent incidents, I then moved to the Google authenticator app, and now I use a variety of methods - for Google accounts, I use
physical Google Titan Security keys, and for Microsoft I use the Microsoft Authenticator app for Android.
A long, long time ago I had my Yahoo account hacked - it nothing actually necessary, but I had to fight and argue with Yahoo for 2 years before they restored my account to me. I vowed to never let that happen again. Then when this happened with my main, my personal, my absolutely necessary Google account on which most of my purchases are associated - I decided I wasn't playing around anymore. I used SMS 2FA for all my accounts that I could, but, as noted above, I moved on from that later to better security.
Now, if you don't have my key, you ain't logging in - and you ain't changing the password - to my accounts, no matter how much you beg Google. Or Facebook. Or Dropbox. Or any of a number of other services. For those that don't use a key, I use an app. I've moved away from using SMS except at sites / service providers that have no other way of providing 2 factor authentication.
To that end, since the Titan security keys are only FIDO (and not FIDO2 - see
this page and
this page for reference), so cannot be used with Windows hello), I backed the
Solo Key v2 project, and hope to have my new set of keys delivered soon, at which point they will be added to each and every account I own.
To read more about FIDO in general, start at the FIDO alliance web page:
FIDO Alliance - Open Authentication Standards More Secure than Passwords
Programmer and blogger
Evan Hahn started a nice project that tracks which sites and service providers (banks, utilities, etc.) offer the use of TFA / MFA, with the type(s) offered and and those that do not (including ways to contact them on Social Media to request that they start doing so). See
https://2fa.directory/
Providing your cell number is a good thing to
NOT do, but securing your account with TFA / MFA is a good thing to do. For example, with the Microsoft Authentication app, when installing Windows cleanly and I enter my email address, it doesn't even ask for a password - it instead asks me to accept a notification on my phone (usually with a specific code) in order to verify my identity. Much better, IMO, than using a phone. However, using a service like Google Voice, as Bunny did, is acceptable, as well, as it is not your real phone number (no one but family has my real cell - everyone else gets my GV number) and you can access SMS and voice mails (and even make calls) directly from your computer, no need to even have your cell phone on.
It's in your interest to secure your accounts - but it's up to you if you want to or not.
