Recovery email is good but still not the most reliable way.
My #1 recommendation is to setup a passkey, and also set multiple security keys as the 2nd factor. All other authentication factors are subject to some form of heuristic defense.
Beyond that, a few optional things you can do in addition:
- Use Advanced Protection.
- Use a platform that's more secure , which are iOS, ChromeOS and some android (e.g. Pixel), in general and especially during recovery attempt.
