
Verifying people after account loss/compromise is hard.

So which would you prefer:

(A) A low-level customer service representative can restore your access, but said representative is arguably susceptible to social engineering and other human weaknesses.

(B) Your account can be protected by a physical 2FA key (YubiKey), but in the case of a lost/compromised account, processes for recovery are hard to navigate and may not yield successful recovery?

In the case of (A) you have little security. In the case of (B) you can do a LOT to prevent account loss, but if bad things happen (whether your fault or not) you are locked out by default.

From a privacy point of view, I'm not sure that (B) is such a bad option.




You can mitigate (B) by using your own domain with Google Fi and the basic workspace account. That way, if you are locked out you can switch providers taking your domain with you.


You still lose data stored, phone number, etc.

But you could make the argument you should do backups of cloud services, the same way you do backups of hard drives.


True, but my Google Fi is attached to a free Gmail account (because there is NO way to attach it to a Workspace account!!).

For my Workspace account, I back up with Google Takeout every 2 months to Backblaze B2. I also sync (with rclone) My Drive to a local directory, which is uploaded weekly to B2.


We need both, clearly advertised for what they are, and then everyone can make their own risk calculus.



