
Not intending to shame OP, but in 2024 with stories like this occurring regularly, I am totally baffled why anyone still trusts Google with anything important. Make the switch! Run, don’t walk. Do it today.

Google is the Scorpion in the parable of the frog and the scorpion - it cannot help its nature.

https://en.m.wikipedia.org/wiki/The_Scorpion_and_the_Frog



In this case a big part of the problem seems to be that OP has 2fa enabled but set to a phone number they don't have access to anymore. This is a really tricky situation for any provider to handle.


And they moved countries.

This is some of the most suspicious login activity imaginable. Nobody should be surprised if an account gets locked when you repeatedly try to access it from a new country and without your second factor.


Just to clarify, I moved countries in the past; for the last year I've been in the same country for well over a year.


Switch to what?


You don't necessarily need to switch, just ensure redundancy. If you keep a password database in there, or personal files, keep it on a secure external drive and make backups. Or Dropbox. Or anything.

Just keep an extra. Don't put all your eggs in one basket.

We have a home media server. Our important data automatically backs new files to a secure folder in there once a week. If I can do it, anyone can. And it could be done easily to an external drive or something that you plug in once a month. Anything. Anything at all.

Most companies have backups. There's a reason they do that.


How does that work in practice? I mean I may keep my data at multiple places. But my government, my hospitals, my utility accounts, they all want my email address to send me OTPs, password reset links and such things that are necessary to prove my digital identity.

How do I spread this risk and make it manageable? I have to give them some email address and I fear losing access to my email. And yes, I can lose my email address even if I have my email on my own domain. There are many failure modes for losing domain names. So how do I manage this risk?


I have secondary account recovery for everything and secondary accounts for everything. If email one doesn't work, my phone and second email do. Where OP went wrong was not updating their phone number when it changed. There's not a lot to be done at that point.


Just looking at emails: your choices are to trust someone else's domain -- likely gmail -- or own your own domain + some kind of forwarding or 3rd party mail service.

For gmail, you risk account lockout like OP is experiencing. You can mitigate the risk with more recovery options at account.google.com like backup codes.

For a service other than gmail, I think the risks of lockout without customer service to help might possibly be less, especially if it's paid like fastmail. If you do pay you have the risk of not wanting to pay anymore, or forgetting to pay, and if you don't pay you also have the risk of the service going away. I suppose the service going away is ok.

I for one am pretty confident google will keep gmail running as well as possible, so I see other services as a bit more risk there.

If you own the domain, you have paid for it and risk someone stealing it or grabbing it when you forget to pay. You can mitigate the risk by choosing a registrar with good security, paying for a longer term or not forgetting, e.g. a quarterly reminder to review your domain names. You also need to be able to access your registrar account. You can choose registrars you get other services from, like AWS Route 53 if you use Amazon for anything, or Cloudflare for VPN, and mitigate the risk of non-payment or non-access because access and payment will be done more frequently.

Using your own domain is also more moving parts, decisions, setup, etc. So you risk more things going wrong or fatigue over all the maintenance taking over. How you weigh the monetary and complexity cost of using a domain name for email compared to the upside of control, having a personal site at your own name, etc.


With government and hospitals you can just reregister in meatspace.


The issue is an @gmail.com address is owned by Google, not you. Not only do you lose your contacts’ ability to reach you, but accounts tend to use email as a last-resort primary identifier. If you lose your ability to receive verification codes, you’re often screwed.

While the crowd here can maintain a domain, that’s not a realistic option for most average people. In practice, most people’s digital lives can be lost or reset simply by messing up their primary email account. With extremely limited recovery options, after a certain point at least.


> While the crowd here can maintain a domain

And domains can be lost too. Missed payments, error in administrating the domain, government takedowns. Many failure modes exist for domains too. Nothing in the digital world is permanent! That's why I find it disturbing that so much of our digital identities are tied to our email addresses.


Maybe with a paid email service like sneakemail.com you can restore access just by paying later?


They can use a forwarder like simplelogin, where they can change the target address.


For email which is the most important to get back under your control simply buy a domain and then there are plenty of options for email hosting (including Gmail, but you cannot be locked out now).


There's a good alternative for everything Google does except YouTube - and if you are locked out of a consumer (not creator) YouTube account, you can always just create a new one. For the creators, make sure you are building views on other platforms so no one can ice you out.


Honestly the answer depends on your personal requirements. If you want a product exactly like Google's offering you are not likely to find it. Somewhat like if you buy into the Apple ecosystem, buying into the Google ecosystem is designed to be a first class experience and everything else to feel slightly second class. This is of course a sort of Faustian bargain, but it is up to you if you take it.

There are alternatives that do e-mail, cloud storage, contacts and calendars if you're prepared to research them. I won't post a list but mention some categories of options: there are companies offering similar products (fastmail, proton), you can sometimes rent managed next/owncloud/e-mail such as exchange from some suppliers, or you can self host some or part of your needs (e.g. I know people who tailscale to NAS drives). My google account is only used for paid-for android apps, for example. I'm one of the self-hosters (but I keep an eye on the managed offerings from local companies). I don't use tailscale as I can wireguard to my router, but tailscale works well when you just want stuff that plugs in and works. Synology NAS drives apparently can be tailscale endpoints.

Ultimately, I try to avoid Google as much as possible and to a lesser extent other large cloud providers. This stems from exactly the kind of incidents the OP faces, along with the usual concerns about ads/tracking (and specifically not contributing to this as a business model).


Anyone try Proton?


Which service do you recommend as alternative?


FastMail, Dropbox, Apple iCloud (Photos, Keychain, etc)


+1 for fastmail, it has built-in backup mechanisms.


Would definitely not recommend ecosystems. They can and do lock you out and you have more to lose.


I’m able to get ahold of a human for support with all products I mentioned. I’m unable to get ahold of a human at Google ever for any of their consumer offerings. I see lots of HN threads begging for Google support, I see no HN threads begging for support from any of the companies I listed.

You should always have backups, regardless of provider.


Fastmail. But you have to pay.


Paying is fine. Makes me the customer, not the product. Was just wondering which alternatives were worth considering :) thanks


Proton.


100 percent use proton!


postale.io

Requires your own domain.


I am very happy with Apple and iCloud, seriously. I've got plenty of cloud space for a fair price, it integrates seamlessly with Apple devices, ships with a password manager, you can hide your mail addresses, and other goodies. I've never had a problem with it.


Last time I went to France, Apple locked my iCloud for the duration until I could get back and log in from a USA IP address. They even cancelled my Apple Card. And France is not exactly a suspicious destination, and I go there 4 times every year. I don't think Apple account abuse systems work better than Google's.


There are similar stories with Apple: https://news.ycombinator.com/item?id=38625875


Do you or someone else know if Fastmail is any better? If I buy a Fastmail email, what protections exist that would stop them from accidentally or arbitrarily locking me out?

And note, I don't live in the US. I'm wondering about this question from a global perspective.


1. Use your own domain, to have a migration path out when needed.

2. Use JMAP/IMAP or https://www.fastmail.help/hc/en-us/articles/360060590573-Dow... and keep a copy of all your mail locally.
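
A minimal way to act on point 2 above (keeping a local copy of all mail over IMAP), added here as an illustration; it is not part of the thread or any commenter's code. It uses Python's standard `imaplib`; the `IMAP_HOST`/`IMAP_USER`/`IMAP_PASS` environment variable names and the backup directory are assumptions.

```python
import imaplib
import os


def backup_folder(conn, folder, dest_dir):
    """Save every message in `folder` not already on disk; return new UIDs."""
    os.makedirs(dest_dir, exist_ok=True)
    # readonly=True: the backup must never alter flags on the server.
    status, data = conn.select(folder, readonly=True)
    if status != "OK":
        raise RuntimeError(f"cannot select {folder!r}: {data!r}")
    # UIDs are only stable while UIDVALIDITY is unchanged, so it goes into
    # the file name; a renumbered folder is then downloaded afresh.
    _, validity = conn.response("UIDVALIDITY")
    prefix = validity[0].decode() if validity and validity[0] else "0"
    status, data = conn.uid("SEARCH", None, "ALL")
    if status != "OK":
        raise RuntimeError(f"search failed: {data!r}")
    saved = []
    for uid in data[0].decode().split():
        path = os.path.join(dest_dir, f"{prefix}-{uid}.eml")
        if os.path.exists(path):
            continue  # incremental: fetched on an earlier run
        # BODY.PEEK[] returns the raw RFC 5322 message without marking it read.
        status, parts = conn.uid("FETCH", uid, "(BODY.PEEK[])")
        if status != "OK" or not isinstance(parts[0], tuple):
            continue  # message expunged between SEARCH and FETCH
        tmp = path + ".part"
        with open(tmp, "wb") as fh:
            fh.write(parts[0][1])
        os.replace(tmp, path)  # atomic rename: no half-written .eml files
        saved.append(uid)
    return saved


if __name__ == "__main__":
    # IMAP_HOST, IMAP_USER and IMAP_PASS are assumed environment variables;
    # an app-specific password keeps the main account password off disk.
    with imaplib.IMAP4_SSL(os.environ["IMAP_HOST"]) as conn:
        conn.login(os.environ["IMAP_USER"], os.environ["IMAP_PASS"])
        dest = os.path.expanduser("~/mail-backup/INBOX")  # assumed location
        new = backup_folder(conn, "INBOX", dest)
        print(f"saved {len(new)} new messages")
```

Run on a schedule, each pass only downloads messages that are not yet on disk, so the local copy stays current even if the account later becomes inaccessible.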


This is not an example of malicious activity though.


But your parent comment said:

"Google is the Scorpion in the parable of the frog and the scorpion - it cannot help its nature."

The scorpion is not malicious in the scorpion and the frog fable. So what's your point?



