FACT: you are not smart enough to not use two-factor authentication on your primary email.

If you are targeted by a spear-phishing operation, you will fail.

If you lose control of your primary email address, you will also lose control (via lost password recovery) of all your online accounts and probably of your phone and other devices as well.

You don’t need to be famous or important to be a target of a spear-phishing operation. Thanks to countless data leaks over the past decade, your identity has already been leaked to hackers. It’s not a question of if but when.

Use two-factor authentication.

15 thoughts on “FACT: you are not smart enough to not use two-factor authentication on your primary email.”

  1. Chad Alan, that’s good. Just make certain it’s robust and doesn’t depend on the phone network. Traveling overseas with 2FA can be a challenge if you don’t have a backup. Also SMS can be spoofed.

  2. I turned 2FA on on a computer and immediately lost access to it. It demanded I confirm on a second computer but the second computer never got the message, and the first one simply got stuck. After 3+ hours on a call to tech support, I was able to get it back, luckily, and turned 2FA off. Ever since I’ve been scared of 2FA. Instead I’m doing 32-character passwords generated by Password Safe using all combinations of upper case, lower case, numbers, and punctuation symbols.

  3. Wayne Radinsky, the fragility of needing network access or phone access caused me problems recently while traveling in Japan. I think Chad Alan’s approach of using the Google Authenticator app is the most robust way. Also you should print out some backup passwords in case you lose your phone. It’s really the only way to be on solid ground with 2FA.

  4. I hate the places that don’t allow me to use GAuthenticator for 2fa, or want me to download a proprietary app….

    I take screenshots of my backup passwords that go on a thumbdrive. I don’t have a system to keep track of paper.

    I guess digitally, if you wanted an extra layer of protection, you could use steg to embed your backup passes into images, or (if you are on windows) you can download the ports of gnu tools and use cp or mv to copy/move files into the fileprop layer of NTFS (nifty, but only works on NTFS.)

  5. John Hardy, you convinced me. But since I am also on Project Fi and my phone is tied to my GMail account, I am double-screwed if I get locked out. Therefore, my recovery number is not my own and I have ordered one of these keys. Frankly, I probably should get another for a backup.

    Google allows you to assign one of these keys for 2FA.

    amazon.com – Yubico Security Key – U2F and FIDO2, USB-A, Two-Factor Authentication

  6. IIRC Google themselves recommend using a physical device for 2FA, like that Yubikey linked above, because they’re harder to spoof; a phone app has a larger attack surface.
