2FA needs to be implemented in a more human-friendly manner. Apple does better with their "friend or family member" account recovery. 2FA needs to be something you know not something you have. Or at least needs to support that. Yes, this would be a problem for someone who doesn't know someone to be their backup. But that's a real edge case.