
Someone needs to tell this librarian Google has 2FA backup codes you can just write on a piece of paper.


I used to work as a librarian and ran into the issues the author writes about. Less than she did - but it being a community that skewed older I have plenty of experience shepherding older and/or low-income individuals through basic online tasks such as applying for unemployment etc. If you have never done this kind of work then it is very easy to take for granted how low the baseline technology competency of certain folks is. Telling someone they will need a working phone number, a password, and recovery codes to access their email when "it used to just work" will simply not fly for them.

This sidesteps the issue that often these are scenarios where the patron is already locked out of their account and coming into a library as a last resort - so lecturing them on backup codes will be of no avail.


To give a sense of the level of tech literacy samsa is talking about, I've had to teach multiple people how to use a mouse and keyboard + had to explain to dozens of people that the icon called 'Internet' on the library computer will let them go to Facebook just like the 'Internet Explorer' icon at home or the 'Facebook' app will.


Obviously, it would be better if Google would do something, but they won’t. A temporary solution could be something like a sign that encourages people to print out backup codes and the librarian could help them with it. Maybe the librarians could even store them in a folder and retrieve with ID. Not saying these are good solutions, but they could maybe help a bit.


You do not need to enable 2FA to be affected by this issue, so IIRC it is possible you never received the 2FA backup codes to begin with. "Suspicious" logins will prompt 2FA from your connected phone.


Something that I don’t think has been mentioned yet is that Google requires a phone number attached to every account (not just a 2FA method). This is to prevent scammers from making an infinite number of Gmail accounts. (With a max of 5 accounts per phone number if I remember correctly.) This means that people without phones are unable to even set up an email account—backup code or not.


Google has basically made 2FA mandatory if you have set up an Android phone, which doesn't even prompt to back up recovery codes.


And this is more likely to happen to the poor since they're going to have Lifeline Assistance phones, which are all shitty Android phones. (I had a couple and keep them as burners but they're crap.)


I've attempted this multiple times through the years.

As of my most recent attempt, the OTP flow still mandates input of a phone number. Those who lack phones cannot request OTP.


Does your grandma have printed out backup codes?


My father was a statistician and programmer for most of his career. He's switched to a new Gmail account three times, at least, when he couldn't remember a password.

So, no, nobody has printouts of backup codes except the people who are already aware of Google's reliability problem.


My grandma just creates a new Google account whenever she gets locked out and it doesn't matter because she doesn't use email for anything important.

I'm starting to wonder if she's the smarter one.


This is great, until you're locked out of a service that you actually need, and the only password-reset way is to send a reset link to the e-mail account she never uses anymore.



