Not being able to get to your account when you lose the phone; having to run extra software.
But also, frankly, I just don't trust Google to implement this correctly, given their track record. Google sure employs a lot of smart people, but the quality of their products and services is generally crap.
> Not being able to get to your account when you lose the phone
Really? There are scratch codes for that. Or you can use an app that backs up your TOTP key for you, like Authy. Or you can store your TOTP key manually. Or you can have multiple devices. Or...
> having to run extra software
Oh, come on. Are you really complaining about having to compute an HMAC?
> I just don't trust Google to implement this correctly, given their track record.
Huh? You do know "The day Google forgot to check passwords" was fictional?
So yeah, the additional problems this introduces do have workarounds. Still, the point remains: this adds new problems for no gain (for me).
As for the track record: we are talking about a company that can't properly implement basic password authentication, see my first comment. And no, I'm not interested for possible reasons/excuses why is it so; what matters is that it doesn't work _for me_.
But also, frankly, I just don't trust Google to implement this correctly, given their track record. Google sure employs a lot of smart people, but the quality of their products and services is generally crap.