How effective are login challenges at preventing Google account takeovers?

From helpnetsecurity.com

preventing Google account takeovers

Despite implementation bugs that might affect the security of physical security keys, they are the strongest protection against phishing currently available, Google maintains.
On-device prompts and SMS codes are also extremely successful at blocking account hijacking attacks effected via automated bots and bulk phishing attacks, but can be bypassed by some skilled attackers that focus on targeting specific users.

Read more…