I'd like to request that password changes to an account be confirmed via email address.

It is true that we now have access to 2FA but that is no excuse to not have base protections in place for the average user.

Users shouldn't need to jump through hoops to have their account protected in some way shape or form after registration.

As it currently stands if a user does not have 2FA their account can easily be stolen and their password changed, to which their only recourse is contacting support, at which point the reply to such may be too late to recover from anything done.