Which, honestly, it kind of a dumb move on Google's part. I was never a fan of that recovery address process. The 2-factor auth they've implemented since is much better.