I am certain more people have this misunderstanding than care to admit, considering the many days I just spent trying to find out why I could not disable 2FA.
After I click the button "Disable two-factor authentication", the dialog immediately pops up with:
"Enter Your Password To Disable Two-Factor Authentication" and the text entry field.
Note it is redundant language when the label of text field should only tell what needs to be entered here. We already know why we enter our password because it is literally on the button we just hit.
Please just say, "Enter Your Password" in order to avoid confusion.
Actually the problem is since every other site requires me to enter the OTP here from authenticator, plus it literally says "Two-Factor Authentication" in the label of text entry, I was trying to enter the OTP.
My secure advice (as a specialist) is to require the OTP instead, because of the security breaches that often happen by people who only know the password so they sneak in while the account owner is AFK and disable authentication so they can go to their own computer and authenticate because they only were able to steal the owner's password.
Thank you, --jeff