I'd like to see the Post Office (in the US) get involved.
Post offices are geographically ubiquitous, already deal with identity verification, and already have to maintain the trustworthiness of their workforce.
I'd like to see a system where (a) an account [whether GMail, Facebook, Schwab or Bob's Online Pet Food Mart] can be tied to a real-world identity and (b) when you lose access, you can go to the local post office to verify your identity and get a one-time recovery token for a given account.
If the US weren't pathologically schizophrenic about actually providing service to citizens, the post office would
(a) still be a government agency, not a wholly-owned subsidiary,
(b) already provide email via government servers and clients in kiosks at the post office (and the personnel to staff the service and handle high-touch troubleshooting) instead of relying on private corporations and organizations to be the sole providers of what has become a necessary service, and
(c) provide basic banking services, knee-capping the payday lending and check-cashing industries.
Google already has the ability to generate one-time-use recovery codes, at least for Gmail accounts -- not sure if it is generally integrated into their Authenticator app. You could generate some recovery codes and put them in a safe deposit box or something I guess.
This sort of solution (and your post office idea) can be, but they don't satisfy the last resort customer service role, for people who haven't set these kinds of recovery options up.
This IS the reply Shelley Rosen needs to see, understand and impart to her patrons. It does not cost anything, it is secure and it works.
I feel 2FA is a class libraries should be teaching. I am off to my local library to volunteer as a resource for that specific purpose. Anybody going to join me at their local library?
I was going to make the recovery code comment myself, but instead I did a search to see if anyone else had done so.
Kudos. I would vote this comment to the top of the discussion if I only could. IMO it should be (part of) a PSA.
This is all well and good if you've got a smartphone with Google's authenticator or have a safe deposit box. The people using a library for Internet access don't necessarily have access to either of those things. They also may have had access at some point in the past but no longer do.
I understand, and agree with you, but at the same time, a HUGE number of people don't have that identification. Many homeless people that could qualify for services struggle to prove who they are, and that they are able to receive it (especially vets) because they have lost their ID, have no idea where their birth certificate is (or marriage license), and have no home to show multiple bills to that address in their name.
At some point, though, the solution doesn't become "make it possible for anyone to access any account without any proof of identity", it becomes "make it possible to live in society -- receive medical care, eat, be sheltered -- without any proof of identity".
Proof of identity should be a government function, and that we likely have millions of people in the US with no way to prove their identity has real-world consequences beyond the flaw in my post-office-account-recovery-scheme; it affects access to benefits, as you said, as well as voting and being able to even prove your citizenship. That should be fixed too, but I'm not sure we can do any better for internet identity verification than the post office fallback.
Hard agreement with you here re: the USPS being involved in this kind of stuff. They are uniquely capable of being a major identity and trust provider. I'd love to see a PKI administered by the USPS. I'd love to get 2FA tokens issued by the USPS.