
> What is the account recovery process if I’m locked out and don’t have my phone, say it’s lost or broken and I can’t verify my identity?

> You can always fall back to legacy authentication options such as passwords and traditional 2-step-verification. In a case where you can no longer remember your password, you can also go through Google’s Account recovery flow. We encourage you to add your email and phone number to ensure you can always access your account.

> https://safety.google/authentication/passkey/



Then what's the point of it all if a hacker can still get into my account using the traditional methods? This seems to be just opening up another avenue of attack.


If I understand it correctly it will avoid phishing, assuming people notice there's something up when they see a page asking for a traditional login for no good reason when they have passkeys. And it may be a transitionary step towards no passwords or something.


My Google account is set up such that account recovery requires me to actually travel to Mountain View and present several forms of ID, and that's just how I want it to be.


Are you joking or does Google really do in-person verification for high-value accounts (e.g. GCP or Play Store developer accounts)?


You can read more about the security properties of passkeys on your Google account on this post from earlier this year when support was originally announced: https://security.googleblog.com/2023/05/so-long-passwords-th...



