When you sign up for a new app or service, they usually require some personal information about you. Email addresses and maybe your name are pretty standard, but what about your phone number? Should you be giving out your number to anyone who asks for it? The short answer is: No. But the longer answer? It starts with “maybe.”

First of all, apps that don’t need your phone number to function might be asking for it in order to do some shady things. For example, they could sell the phone numbers they’ve collected. It’s been actually shown that a lot of apps — like many flashlight apps, for example — exist solely for the purpose of collecting and selling your data. Some might use your number to gain access to your contacts list, only to turn around and spam everyone you know. Like we said: Shady.

However, there is one reason that an app or service might ask for your phone number that’s not only totally legit but also actually helpful. Many security experts are recommending that people implement two-factor authentication in order to secure their most important online accounts, like email and Facebook. But apps need your phone number in order to do that.

Not sure what two-factor authentication is? Here’s how it works.

Let’s use Google as an example. If you choose to enable two-factor authentication on your Google account (which you should do), Google will ask for a phone number that can receive messages via SMS. Once they have that information, every time you sign in to your Google account you’ll be prompted to enter your password, as usual, and then will receive a unique code via text message (or phone call, if you choose that method instead). Your account won’t unlock unless you enter that unique code, and it only lasts for a specific, short amount of time.

The idea is that your phone number is unique to you — and it’s harder to hack than your email address. Also, as people move further away from landlines and keep their phone numbers regardless of their carrier, it’s a pretty safe bet that the person holding that number is the same person who signed up for two-factor authentication. Emails, on the other hand, can change when people switch jobs, finish school, or just feel like switching it up.

Another option for 2FA is an authenticator app. In this case, you have to download an app to your phone, at which point a secure seed key is created via QR code. The app stores the code in a server, while you store the code in your phone. From that point on, the app generates a new code every time you log in — and it’s only valid for 30 to 60 seconds. The advantage of using an authenticator app is that there’s no way a hacker could get hold of the information and use it before it becomes invalid. Also, because the information is only shared between your phone and the server, there are no other middle men that could create potential security gaps or holes. The fewer people and devices involved, after all, the fewer ways codes can get intercepted. For these reasons, it's generally advised to use an authenticator over SMS for 2FA if given the option. That said, using SMS or even email for 2FA is better than nothing at all.

As we outlined first, not all services are asking for your number in order to protect you. A good way to tell the hucksters from the legitimate apps and services out there is by looking at how many downloads they have. Is it only a few hundreds? Chances are they could just be new — but it’s also possible they’re up to no good. Another good move before giving out your number is searching the name of the app or site and “privacy.” If they have shady practices, it’s likely that they’ve been called out before.

In general, it’s a good idea to use common sense before giving apps sensitive information or specific permissions. Before clicking “submit,” ask yourself: Do they really need this? Trusting your gut and doing a little research and can make all the difference.