According to the Google information page here: https://support.google.com/accounts/answer/6103523
If you don’t have another second step or forgot your password
Note: 2-Step Verification requires an extra step to prove you own an account. Because of this added security, it can take up to 3-5 business days for Google to make sure it’s you trying to sign in.
Follow the steps to recover your account. You'll be asked some questions to confirm it's your account. Use these tips to answer as best you can.
You may be asked: To enter an email address or phone number where you can be reached. To enter a code sent to your email address or phone number. This code helps make sure you can access that email address or phone number.
This seems to indicate that even if I have two Google Titan keys (two are required for Google's Advanced Protection Program), someone can just fill in a form to claim that the keys are lost, and then gain access if they can intercept access to texts sent to my mobile phone number. This seems to indicate that the attacker can just wait until they think I'm on vacation and not paying attention, and then gain access to my account?
Is there any way to lock the account down so that my cell provider is not the weakest link?