When you enable two-factor authentication, you are supposed to generate and securely save one-use recovery codes. This situation is what those codes are for; they are used in lieu of codes generated by your two-factor device. As long as you have them, you can use one code to log in as normal and two codes to remove the two-factor device from your membership. Then you will be all set.
If for some reason you don't have those codes, you will have to complete our login recovery process.
To start that process, please send a message to firstname.lastname@example.org from the contact email address associated with your membership indicating that you want to complete the login recovery process to generate additional recovery codes.
Assuming you contact us from the correct email address, our system will send you a response listing which recovery actions are configured for your membership and how many of them you must complete, along with more specific instructions about how to proceed.
If, for some reason, you have lost your two factor device and access to your email at the same time, you're probably screwed, but if not you must do login recovery to update your email address first. We will not process recovery requests related to two-factor devices from email addresses other than the current member contact address.