
Because my email account is what's linked to every other account, and I can't afford to lose everything just because I've lost my phone (which has happened twice in the last two years, but I recovered it both times).


You have many options, including notifications in Google apps, authenticator apps, text messages, hardware tokens, and written backup codes. Not all of these rely on your phone, so set them all up.


So in other words dramatically increase the attack surface on my account.

Enabling SMS authentication for an account is a huge DOWNGRADE in security, not an increase. Cellular providers are infamously easy to socially engineer.


No… Well, I guess if you were adding SMS as a 2FA option to your real 2FA, that would increase surface, but that wouldn’t solve what the parent comment was saying. So yeah, don’t do that (but it’s better than just a password).

1) Password alone is weak.
2) Password and SMS 2FA, better.
3) Password and real 2FA, best.
4) Password, real 2FA, backup codes, basically just as good as best.

Google is only eliminating #1, and only requires 2FA when logging into a new device. I’m surprised HN folks are having a tough time grasping this one. In general it’s pushing people (I’d guess 90% of people would never opt into anything more than a regular password, including the parent) into #2 above.

Parent should do #4, but #2 is fine.


Especially some banks that still use SMS as your 2FA.



