Personally it seems mostly about prizing the phone number out of my cold clammy hands.
I recently tried to access my google account on a new browser install. Google did not believe my login/password was sufficient, and insisted on me surrendering my phone number:
> To help keep your account safe, Google wants to make sure it’s really you trying to sign in [...]
> Enter a phone number to get a text message with a verification code.
I have never given my phone number to Google for that account (I have a separate account on my Android phone).
So how on earth this will "make sure it's really you" I have no idea.
I am unable to access Google from my new browser install so am stuck with using my old one for anything which requires a Google login.
I guess at some point I'll try and resolve it by adding a recovery email or something, but.. my inclination is to throw Google and the account in the trash right now.
I deleted my Google account but I’m pretty sure you can configure a Passkey on the device that lets you log in, and have that passkey in a password manager you’ve logged into on the new device and that will be considered good enough.
Setting aside my opinion that it’s asinine to upload passkeys to the cloud :)