Most average users are the reason for this. HN is not average, lets just get that out of the way right now.
But it's not uncommon at all for someone to hear "I need to setup 2FA" so they go do so and then not understand how it works or why they're doing it. Or have some misunderstanding such that they might know what it does but not how it functions enough to properly backup their 2FA secrets or backup codes.
This then results in a massive amount of customer support. It's also really time consuming to verify the identity of your customers and there's no really good way to do that to then disable 2FA reliably knowing you're talking to the actual account owner.
This is at least a potential way for support to assist someone that messed up and disable their 2FA without having to verify their identity with some cumbersome/unreliable method.
But it's not uncommon at all for someone to hear "I need to setup 2FA" so they go do so and then not understand how it works or why they're doing it. Or have some misunderstanding such that they might know what it does but not how it functions enough to properly backup their 2FA secrets or backup codes.
This then results in a massive amount of customer support. It's also really time consuming to verify the identity of your customers and there's no really good way to do that to then disable 2FA reliably knowing you're talking to the actual account owner.
This is at least a potential way for support to assist someone that messed up and disable their 2FA without having to verify their identity with some cumbersome/unreliable method.