You're right, I should have clarified that in my comment.
Not even offering it is a serious oversight on AOL's part for exactly this type of scenario- it makes it extremely easy for a motivated person to socially hack someone's email. However even if it is offered it has to be turned on to work, so then we'd be back where we started if it was off by default.
I agree that AOL and most other services should offer 2fa. However, I disagree with the parent that the situation would not have occurred if AOL did offer 2fa because the subject in question would still be unlikely to use it.
Not even offering it is a serious oversight on AOL's part for exactly this type of scenario- it makes it extremely easy for a motivated person to socially hack someone's email. However even if it is offered it has to be turned on to work, so then we'd be back where we started if it was off by default.