2FA authenticator app for account changes
Currently, if 2FA is enabled, Discord will send an email verification code to change the email. This is just not enough though, as an attacker likely compromised the victim's computer. Almost everyone is signed into their email on their computers, or any device used often. Imo, this is a massive oversight on Discord's end.
So, the proposition. When changing an account's email or password, if 2FA via an authentication app is enabled, require an input of a generated OTP by said app. Thus, preventing a compromised account being totally taken over.
Thank you for your time, and as a victim with a compromised account this is a huge flaw that stuck out to me on Discord's end, and also how my account was compromised and completely taken over even with 2FA via an authentication app enabled.
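The step-up check proposed above, as an added example that is not part of the original post and is not Discord's code: an email change that requires a valid authenticator-app code (RFC 6238 TOTP, HMAC-SHA1, 30-second steps) on top of the emailed code, and refuses a code that was already used. The `Account` class, `verify_otp`, `change_email` and the `email_code_ok` flag are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import struct
import time

STEP = 30     # seconds per TOTP time step (RFC 6238 default)
DIGITS = 6    # code length shown by common authenticator apps

def totp(secret: bytes, counter: int) -> str:
    """RFC 4226 dynamic truncation of HMAC-SHA1 over one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class Account:  # hypothetical account record
    def __init__(self, email, totp_secret=None):
        self.email = email
        self.totp_secret = totp_secret  # None: no authenticator app enrolled
        self.last_used_counter = -1     # highest time step already accepted

def verify_otp(account, submitted, now=None, window=1):
    """Accept a code from the current step +/- window, and only once."""
    current = int((time.time() if now is None else now) // STEP)
    for counter in range(current - window, current + window + 1):
        if counter <= account.last_used_counter:
            continue  # this step (or a later one) was already used: replay
        expected = totp(account.totp_secret, counter).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            account.last_used_counter = counter
            return True
    return False

def change_email(account, new_email, email_code_ok, otp=None, now=None):
    """Hypothetical handler: the emailed code alone is not enough once an
    authenticator app is enrolled, since the mailbox may be open on the
    same compromised device."""
    if not email_code_ok:
        return False
    if account.totp_secret is not None:
        if otp is None or not verify_otp(account, otp, now):
            return False
    account.email = new_email
    return True
```

The same gate would apply to a password change; a real service would also rate-limit failed OTP attempts per account.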