Like Randelung said, that would be true if you couldn’t reset you password via email. But as long as that’s possible the email can’t ever be the 2nd factor because it can be used to (re)set the 1st one.
A safer definition of what the 2 factors should be is “something you know” and “something you own”. The “know” is usually a password (which you can remember, but you should use a password manager these days so you can have a different password for every service). The “own” is typically a phone these days (generating a timed code, for example). But it doesn’t have to be, it can be a physically USB dongle or your fingerprint. The idea is that it’s something that can’t be overheard, or recorded via key logger or or even told to someone.
Like Randelung said, that would be true if you couldn’t reset you password via email. But as long as that’s possible the email can’t ever be the 2nd factor because it can be used to (re)set the 1st one.
A safer definition of what the 2 factors should be is “something you know” and “something you own”. The “know” is usually a password (which you can remember, but you should use a password manager these days so you can have a different password for every service). The “own” is typically a phone these days (generating a timed code, for example). But it doesn’t have to be, it can be a physically USB dongle or your fingerprint. The idea is that it’s something that can’t be overheard, or recorded via key logger or or even told to someone.
Steam does this better (as in safer) than most.