Almost all internet companies have internal tools to disable 2FA. People destroy/break/etc their phones constantly and need it reset.
2FA is meant to protect against someone impersonating you. It is not designed to protect against malicious insider at the org you are trying to prove your identity to
But operations like that should require a second randomly chosen individual to verify.
The reality is the public loses credentials and keys all the time and at most companies security takes a back seat to convenience and customer service.
2FA is meant to protect against someone impersonating you. It is not designed to protect against malicious insider at the org you are trying to prove your identity to