In this situation, maybe one thing that could help is if the library holds on to the backup codes for patrons. So they can sort of act as a quasi trusted authority. In fact if these people can't even log in without backup codes, they can just keep their password in their wallet.
Of course, yubikeys also work very well in this situation. So the library could sell a yubikey and keep backup codes on file for in case the yubikey is lost.
Or since you can store so many identities on an individual yubikey, just give the librarians one.
- Library is a Group Administrator for patrons' Google accounts.
- Library offers its own email services to patrons.
- Library holds recovery codes (perferably under some sort of escrow).
All of these put burden on the library, of course. Though there's already a substantial burden.
There's also the issue of itenerant / mobile patrons who may only be using a library on a temporary basis or operate between several locations. How much this is a use pattern I've no idea.
The USPS offering email services might be yet another option. Points of presence in every ZIP code, often several.
Given other ongoing challenges (housing is now a full-blown crisis), the problem of mobile / indigent / precarious indivudal will only grow.
The pattern is also likely to be repeated in other global regions.
Of course, yubikeys also work very well in this situation. So the library could sell a yubikey and keep backup codes on file for in case the yubikey is lost.
Or since you can store so many identities on an individual yubikey, just give the librarians one.