
Google is also a culprit in this same way. Activate normal 2FA, but when you click "forgot password", conveniently it says "Should we send a code to your phone?"



Google does not offer me this option, I just checked.

If I claim to have forgotten my password, the first idea it has is that I should prove I still have my Security Key.

Then it suggests it could send codes to my Gmail (which might actually be useful if I have another device signed into that) or to another email address it knows about (it deliberately redacts part of each address in case I am not me).

Then it resorts to suggesting I try passwords I remember using on this account. I don't know what happens if I give it a password I haven't used for a few years; 'pass' means I keep a complete git history of Google passwords, but I am reluctant to mess with this.

Then it says too bad, it cannot authenticate me.


> Then it resorts to suggesting I try passwords I remember using on this account. I don't know what happens if I give it a password I haven't used for a few years

I can't say what it does currently but it used to say something along the lines of "you haven't used that password in a while. try something else."


It gives you a better case that you are the owner of the account, if you were to get a human to review.


Note that it sends a code to your phone which is logged into your Google account, via a (presumably/allegedly, but at least it's not SMS) secure channel.

(Actually, it doesn't send a code to your phone. It either sends a prompt to your phone, OR you can open a buried menu in some app to GET a - essentially TOTP - code.)


Oh no, if I cycle enough through "Other Ways" or I don't have my phone (while having my phone number connected with my Google Account), it offers to let me confirm my phone number, showing the number as *** plus the last 4 digits.

When I confirm the phone number, it sends a 6-digit SMS code prefixed with G-, like G-123456. The input box on the page already has a read-only "G-" text, and then a box for the 6-digit code. After I confirm the code from the SMS, it gives the option to reset the password.

Most of the forgot-password ways to reset the password are "Tap on other device" prompts OR getting a code from the Google app.

Sample Google SMS reset code, with a fictional number:

```
G-007007 is your Google verification code.
```

After I removed the phone number, now if I click "Other Ways" enough times, it simply says: give us information about the last time you logged in, the creation date, some address you email frequently, and some other stuff, and says it will take a few days for them to get back to me.


Interesting. I can't get it to give me any options like that personally. (Maybe because I have a security key active?)


Oh yeah, I also agree and believe that's the reason. Although having a key active does not mean the super-secure, government-level threat protection is on; if one activates that protection from state threats, many of the account recovery options become unavailable.

I assume the number of account recovery options diminishes with increasing levels of protection.


I have a security key active, but it still offers to send me an SMS code for some reason (worryingly, to a phone number I no longer have... I should probably get on to changing that).



