By the way, you're completely right about password managers. E2E + 2FA and you're done. I wonder what their solution for "single point of failure" is, because there isn't a single one that's not flawed.
Google's Advanced Protection Program [1], meant for high-risk users (journalists, activists, etc.), requires you to enroll at least one hardware token, so they do recognize that as a risk.
It is good that they have this program, but I'm just another Average Joe.
I have everything on my phone, I have 2FA on my phone, so if I lose it AND I can't restore my SIM/phone number - even knowing a proper password for the account, I can't do anything to restore the access.
And I really, really don't want to provide my government/country ID to some American company beforehand.
Helps you much if you are on the other side of the country. Even better if you are in another country. Do you know the phone number of any of your family/relatives? Would they believe the request for some money because you lost everything from eternityforest2022@gmail.com?
Right until you lose your 2FA token, which in Google's case is your phone. And at this point YOU'RE DONE.