I'm trying to escape additional authentication, not add more of it. There's nothing more infuriating than Google telling me that "I've never used this device" or "I've never logged on from this place" before and thus my *correct login credentials* are useless, or how they constantly badger me for my phone number, or how my debit card can get randomly flagged because I went on a holiday and didn't share my plans with my bank, since apparently they're my family now. *Nobody* is breaking my passwords, they're so complicated that even I forget them sometimes, and if they get leaked because your database security sucks, additional authentication won't help - I still need new passwords. My name, my address, my GPS position, my IP, my e-mail, my mobile number, my debit card, what else do you want to know about me, the size of my shlong? You *having* that data makes me *less secure* in the event of a breach, not more. The more you know about *me* the less safe *I* am. Ideally companies shouldn't store *any* of my private information. At this point whenever I'm asked for information that'll "help my account be more secure", I either ignore it or fill the blanks with garbage. Punching in a bunch of false nonsense makes it more secure, in fact - in the event of a breach my real identity still isn't exposed.