This article may be right for a corporate environment where you can go to the IT department and prove physically that you are who you are, and get your account recovered should anything go wrong with 2FA.
However, if you (like me) use Google 2FA for your personal accounts, you must (if you are sane) keep printed / screenshot copies of the QR codes, backup codes, etc. to be able to recover your account.
With Google or any number of services who don't feel they need to get involved in human-being operations, you have nowhere to go for help if you turn 2FA on and then for any reason lose all access to your codes. What if your only phone dies, gets stolen, lost, etc?
That is the tradeoff -- security at the expense of having absolutely no way to circumvent it. So the only alternative to not lose your entire online life is to keep several backups and not implement the rules that this guy lays out (which would be appropriate elsewhere).
However, if you (like me) use Google 2FA for your personal accounts, you must (if you are sane) keep printed / screenshot copies of the QR codes, backup codes, etc. to be able to recover your account.
With Google or any number of services who don't feel they need to get involved in human-being operations, you have nowhere to go for help if you turn 2FA on and then for any reason lose all access to your codes. What if your only phone dies, gets stolen, lost, etc?
That is the tradeoff -- security at the expense of having absolutely no way to circumvent it. So the only alternative to not lose your entire online life is to keep several backups and not implement the rules that this guy lays out (which would be appropriate elsewhere).