Reset password with 2FA
Asked feature: if a user lost its password and has a 2FA, he could use the 2FA to reset its password.
To be discussed as we clearly loose security here: an attacker having the 2FA will be able to force the password, so it's like having only 1FA.
Maybe the idea would be to add 2FA on top on current reset feature (mail)?