I see this is an older thread, yet a recent issue arose with my friend who could not login to his account, or the app and he ran to me for help. It looks like several folks here understand the 2FA process, but some may not.
So, this is a bit of a heads-up to people that use the two-factor login, specifically the "Authenticator". He was completely locked out of his account and of course could not login to the app either. He was using an authenticator. The problem was that even though the Tesla account recognized his login name and password, when it asked for the authenticator code, Tesla would indicate the code from his authenticator was not correct.
Here is what he did not realize: He upgraded his smart phone. When this happens, even though you may create a backup of all the apps and even if directly doing a Bluetooth transfer from phone to phone, the authenticator is tied to a specific device, so code generation capabilities become broken. An app that uses the authenticator will no longer allow a login. So, it is not just an issue with the Tesla login.
He ran down to the service center which I told him was a waste of time as they won't be able to help. When he came back, I gave him the 888 number to call. I listened in as a very nice, super helpful guy came on the phone (after a 15-minute wait in line on the call). They asked some security questions to verify his identity and then sent him a link to disable the 2FA so he could get back into his account and app. I was impressed for a change that he got help so quickly and easily.
In my opinion, Tesla could do a better job with login process. When this happens at other institutions like banks that allow you to use 2FA, there is a way to send either an email or a text code to temporarily disable 2FA so you can get back in. Tesla currently does not have that.