EDIT: You know, after some time to cool off, Google Authenticator 2FA can still be enabled and isn’t being phased out like the less secure SMS 2FA, so it’s really not the end of the world here. The chance of permanent lockout is avoided, even if the whole Google Prompt system is still wack.
I thought the same thing, until I tried to log in over a VPN in an actual other country (not just spoofed GeoIP like most piracy VPNs do).
I clicked “try another way” and got to choose between “notification on your device” and “cancel”.
Google has some kind of fancy security system that will require you to use the highest form of authentication when something fishy is going on. Multiple failed attempts from a foreign IP address on a device resolution you’ve never used before? Gonna hit you with a mandatory device prompt. Login from a browser with an expired session? Probably not even a 2FA prompt.
The idea and implementation are done very well, but Google does lack the customer support infrastructure to resolve issues like “I’m in another country and I dropped my phone”.
You can use Yubikeys or equivalent if you want to always have a way back into your account. Use two for optimal protection against lockout (one primary you use all the time, one stored away safely intended for recovery).
I guess if you’re locked up like OP, you’re basically fucked, right?
deleted by creator