How to reset 2FA on Phab is documented at https://wikitech.wikimedia.org/wiki/Phabricator. However, it does not mention any policies on *when* it could be reset, and what forms of authenticating the request are valid.
I performed one for @Florian just a while ago, with an edit made by an attached account containing a secret I provided the requesting nick on IRC being the means of authentication. However, since phab has 2FA but mw.org does not, if we agree to use this method indiscriminately it essentially nullifies the use of 2FA (anyone with possession of just the password can get a reset done this way).
I can not also think of any other method to request a reset that does not involve terrible horrible vogony things (such as 'mail us a copy of your passport').
Having this policy decided and written down would be really useful for the next person who is requested to do a reset :)