HMRC has a similar thing. If you forget your ID you have to fill out a annoying form and get posted a letter which contains it. If you’ve forgotten your password I think you go through a similar process.
My dad has degrees in Physics (Cambridge) and Electronic Engineering so he’s not stupid and can fairly competently use a computer (he’s built a few from components) and yet this system persistently fails for him. The letters never seem to arrive and the website is unintuative and unhelpful so as a user, he doesn’t get a good experience at all. Just using him as a test case, we can see that the system here is broken - so, due to all the security the users cannot use the actual service…which defeats the point here!
Passwords are deeply flawed and I think there needs to be a more ground up solution than making it very very difficult for people to access their account. There is a need for security, but there is also a need for usability and arguably usability should come slightly first as you can build the most secure system in the world, but if users cannot use it then it is pointless.