Short answer is YES.
There are a few options when using second authentication also known as 2FA as far as I know. You can use SMS text, Apps, and lastly hardware key token.
Using SMS text I believe widely use world wide now. Basically when you sign on, you will get an SMS text message with a code, and that code will allow you to login. This sms text typically on your cell phone, and it is possible for hacker to pretend it’s you by knowing all your information to call the phone company and ask them to port your # or change your sim card pretending you loss your old phone. Once done, hacker now have your phone and can quickly access your account and disable the 2FA before you even notice your phone no longer work and re-enabled back. They will do it really quick just to access your account then disable the 2FA now they have full control of your account.
Using Apps such as google authentication or Authy … similar app. Possible to get hack with 2FA google authentication if hacker know your recovery code. Your recovery code could be in the account page, could be a snapshot on your phone, could be saved on your computer or remote cloud drive like google drive onedrive dropbox etc., could also be on a piece of paper your print out and if hacker get a hold of it, then there go your 2FA. Furthermore, if your phone go missing or broken, your app for 2nd authentication is also gone forever if you don’t back up the recovery code. Some app such as Authy might be better because it’s being store in a secure db even if you loss your phone you might be able to recover by contacting them but very difficulty to proof it’s you is you.
Lastly hardware token key that have a secure chip bank grade. However you would need to carry around with you all the time and if you loose it, then their go your account as well.