KYC can be used to recover lost or forgotten passwords on platforms like Bitget. This is because the information collected during KYC can be used to verify the user's identity and confirm that they are the account's rightful owner.
On the centralized exchanges that I have recovered lost or forgotten password, only your username and email are enough for the recovery.
For 2FA (although of which you did not mention)
You will only believe in what they offer you. On this forum, did you know that you can stake your bitcoin address which can be used to recover you Bitcointalk account if it is hacked. Exchanges can go for something like that, mandating their users to stake a bitcoin address which may not be a funded address, but having access to the private key so that is if 2FA secret code is lost, the person can go for claim his account back by signing a message with his bitcoin address staked on the exchange.