On the other hand if you want to use 2 factor authentication adding and rotating security keys across dozens of sites isn't the best plan either. So we are kinda stuck in a rough spot. I really wish that OpenID stuck around. It would have been fantastic to have the choice of provider including running your own.

I think the saving grace of using Google login is that usually you can still "reset your password" via email and get in that way even if Google locks you out.