Recovery token. It can optionally be emailed but you will be advised to write it down on paper -- this is already done with some 2FA auth. Let me flip tables:what if someone got access to your email and took over your image hosting account. How will you recover? Now they have access to private images and they can host illegal content and you will have to prove in court your account was taken over.
I like pen and paper because you can lock it away somewhere safe. If your physical security is bad anyways, no recovery method can help you. Offline,simple and unhackable.
How do you prove that you are the owner?
If someone manages to log in as you and takes over your account, how do you get it back without giving some method to contact you.