Good.

I've seen, or I think I've seen, AWS and Twitter giving completely fake "security" reasons for eliciting additional information. I made an account on Twitter, did nothing with it at all, next day was told I violated the T&C and needed to prove my identity by handing over phone number.

So I'm cagey about this sort of thing. Obviously, actual real security concerns are a good thing to see, people are thinking about the issue and taking care, and asking for validation is naturally what you do and it's better than a flat no. OTOH, passport is BS - solves their security risk but gives me a security risk.