The central access to almost everything in my life is my Gmail account, and I also use Google Auth for 2FA codes (which I have backed up in the cloud). My biggest fear is having my cellphone stolen and, when I try to access my Gmail account from my laptop, not being able to do so for some reason and getting locked out forever.
I thought of using an old Google Pixel that I have and installing only Gmail and Google Auth with my Google account on it to have it as a backup. Is this a good idea? I'm not sure if Android allows the same Google account on two different devices. If this is not a good idea, what do you suggest?
Yes, you can log into multiple devices (Android or otherwise) with the same Google account. I usually stay logged in to Gmail/Chrome on my computers, iPad, Android phone, and gaming handheld (a Logitech GCloud running Android). If one of them gets stolen, the others are still logged in and you can use Find My Phone to remotely erase the stolen one and/or change your password.
You should also add a recovery email and phone to your Google account: https://support.google.com/accounts/answer/183723?hl=en&co=G...
Oh, and set a lock screen on all your devices with a good password, and have them automatically lock when you turn off the screen and/or in some reasonable timeframe (a few min) in case they get stolen. Make a habit of locking your screen any time you walk away and leave your device unattended.
Turn on full-disk encryption. (I think this is the default on newer Pixels).
With the above, if anyone does steal your device, erase it remotely and then sign in to your account again from the replacement device. You might get asked to confirm it from another device, or hopefully you have a 2FA code you can use that's in your password manager.
This is a problem: you really do not want to rely on Google for everything. Not just because of the possibility of getting locked out due to e.g. theft, but because Google might shut your account down at any moment (I know several people to whom this has happened) or it might get compromised.
> My biggest fear is having my cellphone stolen and, when I try to access my Gmail account from my laptop, not being able to do so for some reason and getting locked out forever.
You can generate backup codes for your Google account, store them somewhere at home (I have mine in a safe).
Regarding Google Authenticator, there is a way to export the TOTP secrets, so print them out also and store them somewhere (or maybe KeePassXC with the vault stored on a USB stick?)
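An added example (not from the thread or from Google) of what a printed TOTP secret actually lets you do: the base32 string an authenticator app exports is the whole secret, so a few lines of standard-library Python regenerate the same 6-digit codes the app shows. That is a useful check before relying on a printout, and a reminder that the printout must be protected like a password. The code implements RFC 4226/6238 directly; the only input is the RFC's own test secret, constructed inline, and the `verify` helper's one-step clock-drift window is a choice made here, not a Google setting.

```python
"""Offline TOTP (RFC 6238) check for a backed-up authenticator secret.

Added example, not part of the original thread. Assumes the secret was
exported from the authenticator app as a base32 string (the otpauth://
convention); the RFC 6238 test vector is used as constructed sample input.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP_SECONDS = 30  # the default time step used by Google Authenticator


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def decode_base32_secret(secret_b32: str) -> bytes:
    """Normalise a printed/hand-typed secret: drop spaces and dashes, upper-case, re-pad."""
    s = "".join(secret_b32.split()).replace("-", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def totp(secret_b32: str, at: Optional[int] = None, step: int = STEP_SECONDS, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    if at is None:
        at = int(time.time())
    return hotp(decode_base32_secret(secret_b32), at // step, digits)


def verify(secret_b32: str, code: str, at: Optional[int] = None, window: int = 1) -> bool:
    """Accept the current code and `window` adjacent steps (clock drift); constant-time compare."""
    if at is None:
        at = int(time.time())
    return any(
        hmac.compare_digest(totp(secret_b32, at + k * STEP_SECONDS), code)
        for k in range(-window, window + 1)
    )


# Constructed sample input: the RFC 6238 Appendix B test secret, ASCII "12345678901234567890".
RFC_TEST_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    # RFC 6238 lists 94287082 for t=59 with 8 digits; the 6-digit form is 287082.
    print("t=59 ->", totp(RFC_TEST_SECRET_B32, at=59))
    print("current code for the test secret:", totp(RFC_TEST_SECRET_B32))
```

To check a real printout, paste the exported base32 secret in place of the test constant and compare the printed code with the app on your phone; if they match, the printout alone is enough to rebuild the authenticator on a new device. Because anyone holding that string can do the same, it belongs in the safe or the encrypted KeePassXC vault mentioned above, not in plain email or cloud notes.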
Having a backup device should help, but you may still end up locked out for a day or two if the initial verification fails. I don't remember why it failed for my wife, typically they just send a number or a prompt to the other device that you have to enter into the new device.
IIRC they also have secret keys you can print out ahead of time that you can use to recover your Gmail. Presumably you'd put them in a safety deposit box or store them in another secure location.
2FA is touted as improving security, but whether it in fact does depends on the individual user's weighting factors on the confidentiality-integrity-availability triad.
Your situation sounds like one wherein the rise in the risk to availability easily outweighs the drop in the other two.
2FA aside, the other consideration is additional risk from having made your phone available to Google's opaque verification process. If e.g. Google would offer your thief password recovery via the phone number, then involving your phone with your Google account could be very unsafe.
https://support.google.com/mail/answer/183723?hl=en&co=GENIE...
It's also useful to track which companies sell your email address to spammers, simply by registering with custom emails.