You must be talking about 2FA Code, not the second password.
Because the second password is only required when you want to send, get the seed, etc; but you will still be able to log-in.
Would've never occured to me to call the 2FA authorization as a "second password", good catch
If it's 2FA, then you should contact the 2FA provider's support to be able to restore your 2FA device/app (very very slim chance).
If it's SMS and you don't have the number, dead end (or find a way to create that number).
Without the seed, there's nothing else you can do.
Actually, he can just reset the 2FA token
here. He only needs his wallet ID (
obtained trough the email provided when registered) and the email he used to register.
Not sure about the SMS verification tough.