The best I can think of is trusted backup accounts, which already exist. A homeless person with regular attachment to a family member or a social worker could set up that person's account as a backup. But this already exists and is likely to fail for a large number of homeless people, who tend to struggle at maintaining long term relationships with family members or social workers who'd be able to help them.
The tech industry self-styles as the smartest people in the world, who try to solve the hardest problems. All I'm saying is that we shouldn't throw our hands up when we can't immediately come up with a solution to something we only learned about five minutes ago.
I think this is a good point, but the catch is that there's an implicit footnote that needs to be attached to "the hardest problems*": "*Which generate sufficient monetary returns". This particular problem isn't one that has much revenue potential.
Treating the tech industry as a magical black box that can "solve anything" is disingenous and dangerous. This is the exact same attitude that leads to things such as legislation that says "find a way for any communication to be decrypted upon subpoena. You're tech people, figure it out"
The solution is very simple. Don't force 2FA. I'm sure most homeless people would rather risk the unlikely case of their accounts being hacked if they didn't choose a strong enough password to memorize than risk getting locked out of their accounts permanently.
You can encourage 2FA but forcibly enabling it for everyone does more harm than good, especially to homeless people but also non-tech-savvy parents and such (though the latter would be more likely to have a working recovery method).
And then in alternative-universe HN people are complaining about the rate of account takeovers via credential stuffing and calling Google irresponsible for making it easy to disable a powerful security measure.
> You can encourage 2FA but forcibly enabling it for everyone does more harm than good
I'd wager that pretty much the only people on the planet who can definitively say this are the people who handle account takeovers and lockouts of large email services. My understanding is that the folks at Google responsible for this have concluded that making it behave the way it currently does is the setup that causes the fewest people to lose access to their accounts.
