
Every time I log in to my Google account, Google rejects caring about my perfectly good password, in favor of using email verification instead. Many times this occurs via a password reset link - apparently my password doesn't matter at all. So no, I don't think Google should be considered any kind of leader in security.


Google disrespecting one's email login settings (and abruptly e.g. enabling 2FA) is annoying and I'm thinking about migrating -- at the same time, what they do makes one's account more secure (from what I've seen) but with a higher risk of locking people out permanently from their own accounts.

A good trade-off for Google, I guess.


Sure, it's technically less secure to have a password and a password reset link, rather than just the password reset link. But you'd think a password reset link would be the thing that would result in extra scrutiny and hoops to jump through (e.g. captchas, rejecting from suspicious IPs, etc). That it seems to be the preferred login procedure seems to indicate that something is very odd with their security model, likely due to worrying too much about people who reuse their password of "Fluffy123!" across every site.



