> You'll get a "Is this you?" popup in your phone or tablet whenever someone uses your username and password in a new device/browser/application.

I have two different concerns.

The first is that I frequently end up having to clear my browser cookies, for a variety of reasons. Every time I do, I have to redo the 2FA dance, on every single website that requires 2FA. I suppose I could find a different cookie management strategy, but I think it's good for both privacy and security to treat cookies as semi-ephemeral.

Secondly, I’m concerned that I'll either loose or replace my 2FA device and forget about the account until it's too late—again, I’m much more concerned about losing access to my account than someone else getting in. I would almost certainly loose any physical backup codes.

I also have a fantasy that I'll give up my smartphone one of these days, or at least not bring it everywhere I go. I’ll probably never do it, but the idea is such that I don't want to depend on an app for access to my account. I do think I’ve successfully made myself less dependent on my smartphone than a lot of people, and I’m proud of that accomplishment.

Googles 2fa requires the user to give google his phone number before being able to add a totp authenticatior. That alone is reason for me to never use it for my google account. The popup also doesn't come up if you haven't signed up with google on your phone, obviously. There is nothing stopping them from just allowing anyone to add a normal totp 2fa generator, they just chose to not do that to get more of that sweet, sweet data.

That's more friction than I'm willing to tolerate. If they force me to use 2FA, I'm done with Gmail for good (it's already no longer my primary email).

And I'm not against 2FA in general, I just don't want to use it in this case.