As I mentioned, there is no guarantee any site is going to never allow use of that phone, once it's on file, to bypass authentication. Even if they don't right now. So adding a phone to an account increases your risk in a way you can't control. The only guaranteed way to avoid it is to never have a phone# on file.