by jgalt212 17 days ago
Fair enough, but what's the actual point of 2FA if it's so easy to override?
3 comments

The alternative is people losing their accounts and people aren't willing to allow that. I do think that Apple does this a little better where they try everything to contact you in every way they know and it takes a week to get access. At a minimum to change your email it should require a week of waiting to see if the user can access the original mail to the hand off.
In some cases, checkbox-compliance with customer requirements.
Personally it seems mostly about prizing the phone number out of my cold clammy hands.

I recently tried to access my Google account on a new browser install. Google did not believe my login/password was sufficient, and insisted on me surrendering my phone number:

> To help keep your account safe, Google wants to make sure it’s really you trying to sign in [...]

> Enter a phone number to get a text message with a verification code.

I have never given my phone number to Google for that account (I have a separate account on my Android phone).

So how on earth this will "make sure it's really you" I have no idea.

I am unable to access Google from my new browser install so am stuck with using my old one for anything which requires a Google login.

I guess at some point I'll try and resolve it by adding a recovery email or something, but... my inclination is to throw Google and the account in the trash right now.

I deleted my Google account but I’m pretty sure you can configure a Passkey on the device that lets you log in, and have that passkey in a password manager you’ve logged into on the new device and that will be considered good enough.

Setting aside my opinion that it’s asinine to upload passkeys to the cloud :)