[MereInterest]

Here’s an example. I have a firstname.lastname@gmail.com address, which was intended to be permanent. Google turned on two-factor authentication, despite not having a second form of authentication available. Instead, they required the recovery address for 2FA. The recovery address was another Gmail address, which I haven’t used since 2010, and which also had 2FA turned on using its recovery address. That was an SBCGlobal address, a company which has long since been purchased by AT&T, and the email address is entirely defunct.

I place the blame here entirely on Google for misusing forms of identification. Two-factor authentication is having two locks on the same door, where recovery addresses are having two doors with separate locks. Using a recovery address for 2FA is absurd, and caused me to be locked out of my permanent email address.

[epanchin]

“I place the blame on Google because I didn’t update my recovery address to one that worked”

[MereInterest]

First, recovery addresses are for recovery when access has been lost. They are an alternate method of entry when the primary method of entry has been lost. They are NOT an extra method of validation to be used for the primary method of entry.

When Google switched from offering 2FA to requiring 2FA, it would have been acceptable for them to require a second form of authentication to be added on the next log-in. It is not acceptable for Google to pretend that they have a second form of authentication when they do not.

Second, up until the moment it was needed, I had access to my recovery address. Google locked me out of my primary address and my recovery address simultaneously.

[QuadmasterXLII]

Did you notice that the issue was that O0P had failed to update the recovery address of their recovery address, and google removed access to both the main email and the recovery email at the same time?