Surely it should be possible to turn off two factor authentication if you are still logged in?
Thanks for posting.
This can only be deactivated with a 2-factor code. Otherwise if the software is accidentally left open, it would be possible to remove @-FA, change the password and username all in one go therefore hijacking an account.
Because of this, the code or recovery key is required to deactivate this.