[jatgoodwin]

I recently discovered the printed codes aren't particularly reliable and google will still ask for another authentication method. I managed to get into my account by driving to a wifi google recognized as "home" and being connected to that after the codes weren't enough. I too assumed they were some sort of master key but they're just an extra method and google's security blackbox can decide its not enough.

[cube00]

This is the frustrating thing about Google's security. You record the printed codes and expect to be able to use them and then you're let down when it comes to the crunch because there are bonus extra steps.

It's a similar story with the "recovery email address" they let you add to your account. You'd expect that if you have access to that recovery email you'd be able to gain access but no, there are cases where Google refuses to send any recovery email because "we can't verify this account belongs to you at this time" so no recovery email for you.

This would all be fine if they didn't enforce we have to have 2FA enabled and then refuse to provide support even when you're a paid up member. [1]

[1]: https://news.ycombinator.com/item?id=31073302

[dazc]

Not just Google, anytime I have had to rely on a printed back-up code it hasn't worked. Anyone who thinks they are safe because they have back-up codes for any account, think again.

[anothernewdude]

Same is true of the phone method too. They ignored the fact that I had my second factor. I have no idea what google were thinking.

Now I use paid email services.