I once lost access to a 15 year old google account and have also been geolocked out while traveling. Although the recovery emails didn’t help then, I still broadened my footprint and especially maintained emails on hosted domains. I see holes in this too, however. Is there anything fool proof? Which of these is better?

• have registrar and web hosting (including email) through the same paid provider, and login with said hosted email?
• have registrar and web hosting (including email) through the same paid provider, and login with an outside email (which you could also lose access to)
• have registrar and web hosting (including email) through separate services, whose logins share a single email (which?)
• have registrar and web hosting (including email) through separate services, whose logins use different emails?

I also use various friends’ as recovery emails, their phone numbers as bank confirmation codes etc. in case I lose access to all of mine. (This has come in handy multiple times while traveling…) Having so many at the same time is tedious to manage and increases threat vectors as more services could be breached etc. Better yet, how does everyone else handle this?