recovery is easy. i'm a customer of all these companies so i have faith i'll be able to convince them i'm me if it comes to that. and i keep a handful of hardware keys to make self-recovery easier if i lose or break one. most of my practices are to mitigate risks i personally know how to mitigate, and doing it while causing myself as little headache as possible. being able to auth using touch id on my personal laptop is great for day to day usage.
So I assume you do not consider, say, your GitHub or Google account to be high-value? Plenty of tech companies have simply started to refuse recovery if you lose all your 2FA keys.
What do you do without 2FA if your account is taken over? I’m trading that risk for something more in my control. Yeah, it would suck if I lost all my hardware keys, my laptop, and paper backup codes, and additionally I couldn’t get support from anyone.