Every solution/alternative would always impose challenges that can be considered an edge case initially until it becomes permanent.
For example, if Google wants people (who have a tendency to lose their 2FA devices more often) to always use this feature, and in case they lose access to their device, they could use a trusted designate who can verify on their behalf that they are the ones signing into the service. But then again, this alternative will impose some new challenges such as:
- What if the designate is not available?
- Designate is available but also lost their access to verify the other person?
As with this case being raised here, it will always be a process wherein Google (or any other organization) will have to explore and find meaningful solutions that is both inclusive and considerate on specific conditions.
The variability alone of such premise is huge that I am quite sure when the next edge case comes up, there are other edge cases boiling down that will become the next set of issues.
For example, if Google wants people (who have a tendency to lose their 2FA devices more often) to always use this feature, and in case they lose access to their device, they could use a trusted designate who can verify on their behalf that they are the ones signing into the service. But then again, this alternative will impose some new challenges such as:
- What if the designate is not available? - Designate is available but also lost their access to verify the other person?
As with this case being raised here, it will always be a process wherein Google (or any other organization) will have to explore and find meaningful solutions that is both inclusive and considerate on specific conditions.
The variability alone of such premise is huge that I am quite sure when the next edge case comes up, there are other edge cases boiling down that will become the next set of issues.