I cannot fathom why people still rely on Google for their core business needs.
At my last place of work I built an SMS system to be used as the second factor in the intranet login. I _could_ have used a 3rd party 2FA, but the most _logical_ reason to have our own system was ... well.. we didn't want to rely on anyone except ourselves.
Didn't take me long and the most difficult part was finding enough USB-connected phones to be used as SMS senders.
Guess what? The system still works today, why Google is broken.
And the remarkably secure telecom system, of course.
Google's style of 2FA is IMO technologically superior in that there is no communication after the initial seed. It also appears to be somewhat standardized -- see others posting about Authy. You could have your own handwritten program running the algorithm if you wanted to be independent.
The real screw up on Google's part is not instructing users to have an encrypted backup of their 2FA data.
At my last place of work I built an SMS system to be used as the second factor in the intranet login. I _could_ have used a 3rd party 2FA, but the most _logical_ reason to have our own system was ... well.. we didn't want to rely on anyone except ourselves.
Didn't take me long and the most difficult part was finding enough USB-connected phones to be used as SMS senders.
Guess what? The system still works today, why Google is broken.