My problem is that when Google asks for a code for 2FA, it prompts me for something from Authenticator, but also gives me the option of using:
A text message
Printed recovery codes
An email sent to a non-Google account.
Now, this worked out great when my phone’s screen got broken and I had to activate my new phone without access to the Authenticator app on the old phone (I used the recovery codes)… but I have to say that if SMS is broken, it wouldn’t have been too hard to hijack my account, given just the password.
