@Bitplumber @alexandria it's 2fa. You need both factors, the password and the code. Additionally, you can't derive a list of all services a person has sms 2fa linked to with access to their sms.

Some places may offer account recovery with the right phone number, which can be used to get in without the password, but that is not what 2fa is.