Google kinda does do that though. You can have a recovery email (or multiple IIRC), or you can have a phone number.
TOTP and hardware authenticators are more for second factor authentication; you’re probably more likely to use those than a password, and they don’t really make sense for recovery.
Why wouldn’t they make sense for recovery? They’re authentication factors just like passwords.
“Second” factor means you should have multiple, not that one of them is beneath the others. And they all work just as well for authentication and recovery.
Google kinda does do that though. You can have a recovery email (or multiple IIRC), or you can have a phone number.
TOTP and hardware authenticators are more for second factor authentication; you’re probably more likely to use those than a password, and they don’t really make sense for recovery.
Why wouldn’t they make sense for recovery? They’re authentication factors just like passwords.
“Second” factor means you should have multiple, not that one of them is beneath the others. And they all work just as well for authentication and recovery.
Google can use the phone number on file to text a verification code for password reset.