The health service application my doctors use, MyChart powered by Epic has that functionality. I get the option of using SMS or email, and I think they allow email because it's information the doctor's office confirms when I visit. I can imagine 2FA being approved for emails, but only for providers that have proper 2FA for email login. Otherwise it's just pushing the problem to a different place. Maybe email 2FA isn't used because email that doesn't enforce it for email login can't be assume to have it.
I don't think there's a way to allow recovery based on only information because then recovery become the primary method to take control of your account. Once you start adding limits to recovery attempts, you end up back where we already were before 2FA become popular. And what's stored in your head becomes a very easy target, especially for those less tech literate.
I really liked Facebook's idea of trusted contacts based recovery. It would allow a complete true loss of everything based on who and what you know and doesn't rely on a company having any information other than who your friends are. Which Facebook already knew since you were friends with them. Facebook's single identity model made that easy but for Gmail or Instagram it's common to have multiple that you don't check often.
I don't think there's a way to allow recovery based on only information because then recovery become the primary method to take control of your account. Once you start adding limits to recovery attempts, you end up back where we already were before 2FA become popular. And what's stored in your head becomes a very easy target, especially for those less tech literate.
I really liked Facebook's idea of trusted contacts based recovery. It would allow a complete true loss of everything based on who and what you know and doesn't rely on a company having any information other than who your friends are. Which Facebook already knew since you were friends with them. Facebook's single identity model made that easy but for Gmail or Instagram it's common to have multiple that you don't check often.