Except if you're relying on "an old phone" as your backup device, you'll find you don't have access because you haven't powered it on to sync passkeys, and Google expired your login anyway as you haven't used it on that device in months.
This is not true for Google at least. I have been locked out of a secondary google account because they thought it was suspicious that I logged in from a new IP address after 6 months of disuse. I have the password, I have the TOTP codes, I have the recovery email (in fact I even have the email for that account, as it forwards to my primary account), but login is just not allowed until I accept a push notification on a destroyed device.
For some reason, my primary account was not subject to the same probablistic lockout, maybe because it had a more constant record of use, or maybe because it was a GApps account.
I once used Google’s account recovery flow on an old dormant (for maybe three years?) account. Did everything asked and reached a state where they wouldn’t ask me to do anything else to demonstrate ownership but I’m still suspicious or something like that. Fortunately I had nothing important there. Pro tip: operate as if Google doesn’t have a recovery flow at all.
