> I am, yes, if the alternative is that they loose access to their account every few months!

Good to hear, though I confess to a bit of confusion. The issue I pointed to is that they're going to lose access to their accounts frequently as their accounts get breached, abused, and shut off. As opposed to losing access because they lost their phone number.

> Also, at least this way people have the ability to keep their accounts truly safe if they choose a strong, unique password. If Google just locks them out no matter what, there's no recourse.

As described in the Twitter thread, we're talking about people who already struggle to remember their passwords. I doubt this will improve if we require basically regular people to have strong passwords, but perhaps you have reason to think differently.

Basically I think you're trading one cause of lockout without recourse for another cause of lockout without recourse with this proposal. This does not strike me as progress. For my own part, I think Google is the wrong place to be trying to address this issue - perhaps porting phone numbers within the Lifeline phone program would be better.

I don't think people's accounts are getting hacked anywhere near three times per year. And while remembering passwords is a problem, surely it's easier than remembering a password and keeping track of a second factor device?

You're right, people's accounts aren't getting hacked that often. This is because of a wide array of security measures - the ones you're suggesting be disabled. The frequency of breaches goes up significantly without those in place, especially when coupled with the kind of weak password likely to be chosen by struggling, marginalized, vulnerable people whose priority is not keeping bots at bay.

In short - yes, but the consequences defeat the point.