Hacker News

That was my understanding as well but it doesn't really address sufficiently what to do in the case of, for example, the user permanently losing access to #2. Sure if I am making the decision to migrate from gmail to some other provider, I can self-coordinate transitioning in your app. But if I lose access and can't regain it through my own forgetfulness, or worse I get hacked, the easiest option still seems to be creating a new unique account.


That's true of any identifier.

I remember losing cell service after a storm, but the internet still worked. I couldn't log in to Gmail (~10-12 years ago, when this was the only 2FA) because my phone couldn't receive text messages with the 2FA code.

Even if you lose all the keys to your house, you'll need to get new locks. If the locksmith who is going to let you into your house does everything by the book, they'll need you to prove you actually live there. I had a friend thrown in jail for a day because his ID, keys, etc. were lost on a kayaking trip, and he was arrested for attempting to break into his own house.

My point is, there really isn't a good answer here. The platform equivalent to hiding keys in the bushes is printing out one-time passwords. That works pretty well, but also has its own drawbacks.
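The "printed one-time passwords" the comment above refers to are usually implemented as single-use recovery codes. The following is an added example (written for this page, not code from any commenter or from Hacker News) of how a service can issue such codes and redeem each one exactly once while storing only digests, so a database leak does not hand out the codes themselves. The alphabet, code length and the `RecoveryCodeStore` class are assumptions of this example, not anything the thread specifies.

```python
"""Single-use recovery codes: generate them, keep only digests, redeem each once.

This is an illustrative design, not any particular platform's implementation.
"""
import hashlib
import hmac
import secrets

# Alphabet without visually ambiguous characters (0/o, 1/l/i), since the
# codes are meant to be printed and typed back in by hand.
CODE_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"
GROUPS = 3          # printed as xxxxx-xxxxx-xxxxx
GROUP_LEN = 5       # 15 random symbols from a 31-symbol alphabet: ~74 bits


def _digest(code):
    """Normalise user input (case, separators) and hash it.

    A plain SHA-256 is acceptable here only because the codes carry enough
    random entropy that offline guessing is infeasible; low-entropy secrets
    such as user-chosen passwords would need a slow, salted password hash.
    """
    normalised = code.replace("-", "").replace(" ", "").lower()
    return hashlib.sha256(normalised.encode("utf-8")).digest()


def generate_codes(n=10):
    """Return n fresh plaintext codes to show the user once (e.g. to print)."""
    codes = []
    for _ in range(n):
        raw = "".join(secrets.choice(CODE_ALPHABET) for _ in range(GROUPS * GROUP_LEN))
        codes.append("-".join(raw[i:i + GROUP_LEN] for i in range(0, len(raw), GROUP_LEN)))
    return codes


class RecoveryCodeStore:
    """Server-side record of a user's codes: digests only, each usable once."""

    def __init__(self, plaintext_codes):
        self._unused = {_digest(c) for c in plaintext_codes}
        self._used = set()

    def remaining(self):
        return len(self._unused)

    def redeem(self, attempt):
        """Consume a code. Returns True on the first valid use, False otherwise.

        Every stored digest is compared in constant time and the loop does not
        stop at the first hit, so timing does not reveal which slot matched.
        """
        candidate = _digest(attempt)
        matched = None
        for stored in self._unused:
            if hmac.compare_digest(stored, candidate):
                matched = stored
        if matched is None:
            return False
        self._unused.remove(matched)
        self._used.add(matched)   # kept so a replayed code can be logged/alerted on
        return True


if __name__ == "__main__":
    issued = generate_codes(5)
    print("Print and store these safely:", *issued, sep="\n  ")
    store = RecoveryCodeStore(issued)
    print("first use:", store.redeem(issued[0]))    # True
    print("second use:", store.redeem(issued[0]))   # False, already consumed
    print("remaining:", store.remaining())          # 4
```

The same drawbacks the thread mentions still apply: the printout is itself a bearer secret, and a lost printout plus a lost primary factor leaves the user where they started. In a real service the redemption path should also be rate-limited and should invalidate and reissue the whole set once one code is used.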


You could allow the user to add secondary email addresses or phone numbers to their account for account recovery, but then any of these becomes the weak link for hacking their account.
