Will 2FA, in general, be bypassed by a stolen passport?

You have a friend called Bob.

You have a copy of Bob’s passport.

Bob uses 2FA for all of his accounts.

Would you, in general, be able to bypass this 2FA and access his accounts, by doing the following:

  • Emailing support

  • Explaining to support that you lost access to your account

  • Sending support a copy of Bob’s passport, claiming that you are, indeed, Bob

Would it be fair to say that the majority of support agents would reset 2FA on Bob’s account?