> Currently, people who cannot use or rely on 2FA are getting locked out of their accounts even if they weren't hacked and knew their password! Isn't that worse?
I don't think so. You seem to presume the end state of both is that the user is locked out, which is only half true.
With a lost 2FA device, the user and everyone else are locked out of the account.
With a compromised account, the user may be locked out but the hacker is not. The hacker is free to impersonate the user to social services, hospitals, potential employers, etc. If there's no mechanism for the user to regain control of the account, the hacker will have that access until the user can contact all of those people and give them a new email address. That could take a while, especially if we're considering that the user has a high chance of not having a phone at the moment.