Some time ago, my account was “hacked” with some decent level of skill. But main issue was and is this.

If your Google account is compromised, then your 2FA is compromised and if you happen to have Gmail as registered one, you are very much stuffed (like me).

So I would strongly recommend to have registration email NOT tied to your 2FA. Eg. do not use Gmail, if you have 2FA from Google autheticator. Bad idea, really really bad idea.