Frame challenge - 2FA doesn’t solve any problems that are actually problems for the homeless.
A homeless person has a vastly different cybersecurity paradigm, specifically, they don’t need much in the way of cybersecurity. Nobody is stealing a homeless person’s identity.
Given that, just let them disable it, and let them just use a password. It’s fine to rate limit them if they forget the password a few times, but let them keep trying to log in until they remember it.
I think this comes from a supportive mindset, but working with homeless populations over the years I think they often were more at risk than many other groups. Significant numbers deal with domestic violence or otherwise abusive relationships, as one example, where these kinds of security issues can be life or death, and they often lack the digital hygiene skills many folks take for granted (I think half the folks in a computer lap I worked with left their password saved when chrome offered to remember it, or even wrote it down in a text file).
Wouldn’t a homeless persons identity be ideal to steal? There are lots of illegal immigrants that pay big money for a clean social security number and other things. It would probably take a homeless person longer to realize their identity has been stolen than a non-homeless person.
A homeless person has a vastly different cybersecurity paradigm, specifically, they don’t need much in the way of cybersecurity. Nobody is stealing a homeless person’s identity.
Given that, just let them disable it, and let them just use a password. It’s fine to rate limit them if they forget the password a few times, but let them keep trying to log in until they remember it.