If your email is hacked, everything is
medium.comFew weeks ago I got a notification that someone from Moscow (which is like the opposite of where I reside) wants to restore my Google account ("is it you?"). It had "yes" and "no" buttons. I was in the middle of doing something and opened the notification pretty carelessly. Thankfully, I have managed to "no" successfully. But it was horrifying to think that I could have lost everything if I accidentally touched that "yes" button on my phone's screen.
Get a physical key and remove other 2FA methods for your email. That would stop them even if you did click yes.
What will happen if I lose the physical key (or someone pretends that they are me who lost the physical key)?
If you lose the key, keep backup codes somewhere safe.
Most likely if you lose the key, no one will know what it is for or who's it is.
You can also register multiple keys (in GSuite, GitHub, etc.)
pls pardon my ignorance. does GMail have this physical key feature ?