When I enabled 2FA on my account, my account was not logging in without a 2FA code.


Later I tried to forget my password and there I saw a checkmark option where it said that if I checkmark it my 2FA will be disabled. I did that and next time I login I can login without 2FA


If 2FA can be disabled via email, what is its security? If a hacker gets access to my email, he can easily access my account. this is a bug?