The problem is almost impossible to solve. When a person has forgotten their password, lost their device and doesn't have 2fa recovery codes in hand or a recovery account set up, there is no way verify the identity of the user. Real-world identity is not linked with the account, since many goverments don't provide an online identity service (and even if they did, the people in question probably wouldn't have digital IDs either). Moreover, any manual processing is prohibitively expensive and vulnerable to social engineering attacks.