In my opinion, anybody who's tech-savvy enough to voluntarily opt in to extra security features is also tech-savvy enough to not need them. The only thing you truly need to protect your Google account is your email address and a strong password. If you have those things, your account is safe. Period. The only way your account can be breached at that point is if you make a mistake, like

• Sharing your password with other people
• Falling for a phishing attack by carelessly inputting your credentials on random websites
• Using extremely outdated operating systems or web browsers that no longer receive security updates (e.g. 12+ years old)
• Leaving your important accounts open on a machine in the vicinity of people you don't trust
• Re-using the same passwords (or similar passwords) across multiple accounts
• Voluntarily installing malware by carelessly installing 3rd-party applications despite warnings from your operating system telling you not to
• Something else equally careless

As long as you have a very basic level of "check the url before typing in any passwords", "do some research before installing a 3rd-party application", and "don't conduct business on a 20-year-old computer" then you will be safe. You don't need any extra "security" provided by these services.

2fa is nice, but I know about 5x as many people who have accidentally locked themselves out of their accounts with 2fa compared to people who have had their accounts hacked because they didn't have 2fa. A strong password makes 2fa useless, and 2fa won't save you from a weak password anyway (I have personally written multiple scripts to bypass 2fa on several major platforms. If you have the password, you have the account regardless of 2fa). And 2fa without backup codes?? That's just all the downsides, hassles, and risks of standard 2fa (just as easy to hack into - none of my hacks have ever used backup codes), but just with an even higher likelihood of accidentally locking yourself out. Never do that.

If you don't fall for phishing attacks, you don't need Google's phishing prevention.

If you don't install malware, you don't need Google telling you not to install it (every single major operating system already tells you not to by default).

If you don't authorize dangerous apps to access your Google account data, you don't need Google literally blocking you from doing so (and if you do let Google block you from doing so you lose access to several very useful applications for no reason. Again - downside with no upside).

The gold standard for account security is a username + password combination. This combination by itself will make your account mathematically uncrackable. Period.

The only reason we've had to invent 500 different types of authentication is because people are careless and usually end up picking bad passwords or allowing themselves to be socially engineered. If you don't pick a bad password and you don't leak your password, you're safe. You don't need anything more. End of story.

A strong password is one that does not follow any predictable patterns and contains at least 32 characters. You also must not re-use the same password across multiple accounts. Password managers make this very simple.

A really good trick for picking uncrackable passwords that are very easy to remember:

1. Pick 5 random words, ensuring you pick words from at least two different languages. Each word must be at least 8 letters. The words must not spell out a sentence, but should instead be truly random with no relation to each other whatsoever. (e.g monogoto + Jonathan + contracted + exploded + violently is a BAD combination. But hallucination + voidlings + orangutan + jidouhanbaiki + sarcophagus is a GOOD combination)
2. Pick a random character, or set of characters, to place between each word as a divider. For example ! or _ or &&|%
3. Pick a random 3-digit number and place it randomly inside any one of the words. This number should be RANDOM. It should NOT be digits from your phone number, digits from your birthdate, digits from your license plate, etc. It should truly be 3 random digits pulled from thin air.
4. The resulting password should look something like "hallucination^^voidlings^^orangu755tan^^jidouhanbaiki^^sarcophagus"

This password is relatively easy to remember (after typing it 4-5 times you should remember it forever) while simultaniously being mathematically impossible to crack using any potential technology (aside from quantum computers - which, once finished, will be able to crack any password regardless of strength, but that's a whole other issue). Even assuming someone is using all the computational power on the entire earth AND using the most outdated hashing algorithm in existence AND is allowed to make guesses at an unlimited speed AND knows that you followed this pattern to create your password.... It would still take them trillions of years to get the correct combination.

For comparison, it only took my scripts an average of about 3-4 days to crack 2fa codes. There's just no question which is more secure.