diff --git a/settings/src/components/account-status.js b/settings/src/components/account-status.js
index b6694873..816a6b9c 100644
--- a/settings/src/components/account-status.js
+++ b/settings/src/components/account-status.js
@@ -15,26 +15,31 @@ import ScreenLink from './screen-link';
  * Render the Account Status.
  */
 export default function AccountStatus() {
-	const { userRecord } = useContext( GlobalContext );
-	const { record } = userRecord;
-	const emailStatus = record.pending_email ? 'pending' : 'ok';
-	const totpEnabled = record[ '2fa_available_providers' ].includes( 'Two_Factor_Totp' );
-	const webAuthnEnabled = record[ '2fa_available_providers' ].includes(
-		'TwoFactor_Provider_WebAuthn'
-	);
-	const primaryProviderEnabled = totpEnabled || webAuthnEnabled;
-	const backupCodesEnabled =
-		record[ '2fa_available_providers' ].includes( 'Two_Factor_Backup_Codes' );
+	const {
+		user: {
+			userRecord: {
+				record: {
+					'2fa_available_providers': availableProviders,
+					email,
+					pending_email: pendingEmail,
+				},
+			},
+			hasPrimaryProvider,
+		},
+	} = useContext( GlobalContext );
+	const emailStatus = pendingEmail ? 'pending' : 'ok';
+	const totpEnabled = availableProviders.includes( 'Two_Factor_Totp' );
+	const backupCodesEnabled = availableProviders.includes( 'Two_Factor_Backup_Codes' );
 
 	const backupBodyText =
-		! backupCodesEnabled && ! primaryProviderEnabled
+		! backupCodesEnabled && ! hasPrimaryProvider
 			? 'Please enable Two-Factor Authentication before enabling backup codes.'
 			: `You have
 				${ backupCodesEnabled ? '' : 'not' }
 				verified your backup codes for two-factor authentication.`;
 
 	return (
-		<>
+		<div className={ 'wporg-2fa__account-status' }>
 			<SettingStatusCard
 				screen="password"
 				status="enabled"
@@ -47,9 +52,9 @@ export default function AccountStatus() {
 				status={ emailStatus }
 				headerText="Account Email"
 				bodyText={
-					record.pending_email
-						? `Your account email is pending a change to ${ record.pending_email }.`
-						: `Your account email address is ${ record.email }.`
+					pendingEmail
+						? `Your account email is pending a change to ${ pendingEmail }.`
+						: `Your account email address is ${ email }.`
 				}
 			/>
 
@@ -72,7 +77,7 @@ export default function AccountStatus() {
 				bodyText={ backupBodyText }
 				disabled={ ! backupCodesEnabled }
 			/>
-		</>
+		</div>
 	);
 }
 
diff --git a/settings/src/components/backup-codes.js b/settings/src/components/backup-codes.js
index 66319616..d14dd37c 100644
--- a/settings/src/components/backup-codes.js
+++ b/settings/src/components/backup-codes.js
@@ -16,7 +16,9 @@ import { refreshRecord } from '../utilities';
  * Setup and manage backup codes.
  */
 export default function BackupCodes() {
-	const { userRecord } = useContext( GlobalContext );
+	const {
+		user: { userRecord },
+	} = useContext( GlobalContext );
 	const [ regenerating, setRegenerating ] = useState( false );
 
 	const backupCodesEnabled =
@@ -35,7 +37,10 @@ export default function BackupCodes() {
  * @param props.setRegenerating
  */
 function Setup( { setRegenerating } ) {
-	const { setGlobalNotice, userRecord } = useContext( GlobalContext );
+	const {
+		setGlobalNotice,
+		user: { userRecord },
+	} = useContext( GlobalContext );
 	const [ backupCodes, setBackupCodes ] = useState( [] );
 	const [ hasPrinted, setHasPrinted ] = useState( false );
 
@@ -142,8 +147,12 @@ function CodeList( { codes } ) {
  * @param props.setRegenerating
  */
 function Manage( { setRegenerating } ) {
-	const { userRecord } = useContext( GlobalContext );
-	const remaining = userRecord.record[ '2fa_backup_codes_remaining' ];
+	const {
+		user: {
+			userRecord: { record },
+		},
+	} = useContext( GlobalContext );
+	const remaining = record[ '2fa_backup_codes_remaining' ];
 
 	return (
 		<>
diff --git a/settings/src/components/email-address.js b/settings/src/components/email-address.js
index 3e7d566e..4bf1569b 100644
--- a/settings/src/components/email-address.js
+++ b/settings/src/components/email-address.js
@@ -14,8 +14,12 @@ import { GlobalContext } from '../script';
  * Render the Email setting.
  */
 export default function EmailAddress() {
-	const { userRecord } = useContext( GlobalContext );
-	const { record, edit, save, editedRecord, hasEdits, isSaving } = userRecord;
+	const {
+		user: {
+			userRecord: { record, edit, save, editedRecord, hasEdits },
+			isSaving,
+		},
+	} = useContext( GlobalContext );
 	const [ emailError, setEmailError ] = useState( '' );
 	const [ justChangedEmail, setJustChangedEmail ] = useState( false );
 
diff --git a/settings/src/components/password.js b/settings/src/components/password.js
index f6cfcafa..b704aa64 100644
--- a/settings/src/components/password.js
+++ b/settings/src/components/password.js
@@ -25,29 +25,35 @@ import { GlobalContext } from '../script';
  * Render the Password setting.
  */
 export default function Password() {
-	const { setGlobalNotice, userRecord } = useContext( GlobalContext );
+	const {
+		setGlobalNotice,
+		user: {
+			userRecord: { hasEdits, editedRecord, record, edit, save },
+			isSaving,
+		},
+	} = useContext( GlobalContext );
 	const [ inputType, setInputType ] = useState( 'password' );
 	const [ hasAttemptedSave, setHasAttemptedSave ] = useState( false );
 	let passwordStrong = true; // Saved passwords have already passed the test.
 
-	if ( userRecord.hasEdits ) {
-		passwordStrong = isPasswordStrong( userRecord.editedRecord.password, userRecord.record );
+	if ( hasEdits ) {
+		passwordStrong = isPasswordStrong( editedRecord.password, record );
 	}
 
 	// Clear the "saved password" notice when password is being changed.
 	useEffect( () => {
-		if ( ! userRecord.hasEdits ) {
+		if ( ! hasEdits ) {
 			return;
 		}
 
 		setGlobalNotice( '' );
-	}, [ userRecord.hasEdits ] );
+	}, [ hasEdits ] );
 
 	/**
 	 * Handle clicking the `Generate Password` button.
 	 */
 	const handlePasswordGenerate = useCallback( async () => {
-		userRecord.edit( { password: generatePassword( 24, true, true ) } );
+		edit( { password: generatePassword( 24, true, true ) } );
 		setInputType( 'text' );
 	}, [] );
 
@@ -58,11 +64,11 @@ export default function Password() {
 
 			setHasAttemptedSave( true );
 
-			if ( ! passwordStrong || userRecord.isSaving ) {
+			if ( ! passwordStrong || isSaving ) {
 				return;
 			}
 
-			await userRecord.save();
+			await save();
 
 			// Changing the password resets the nonce, which causes subsequent API requests to fail. `apiFetch()` will
 			// retry them automatically, but that results in an extra XHR request and a console error.
@@ -74,10 +80,10 @@ export default function Password() {
 
 			setGlobalNotice( 'New password saved.' );
 		},
-		[ passwordStrong, userRecord.isSaving ]
+		[ passwordStrong, isSaving ]
 	);
 
-	const handlePasswordChange = useCallback( ( password ) => userRecord.edit( { password } ), [] );
+	const handlePasswordChange = useCallback( ( password ) => edit( { password } ), [] );
 
 	const handlePasswordToggle = useCallback(
 		() => setInputType( inputType === 'password' ? 'text' : 'password' ),
@@ -109,7 +115,7 @@ export default function Password() {
 					help="The generate button will create a secure, random password."
 					label="New Password"
 					size="62"
-					value={ userRecord.editedRecord.password ?? '' }
+					value={ editedRecord.password ?? '' }
 					placeholder="Enter New Password..."
 					onChange={ handlePasswordChange }
 				/>
@@ -124,27 +130,24 @@ export default function Password() {
 				</Button>
 			</Flex>
 
-			{ userRecord.hasEdits && passwordStrong && (
+			{ hasEdits && passwordStrong && (
 				<Notice status="success" isDismissible={ false }>
 					<Icon icon={ check } />
 					Your password is strong enough to be saved.
 				</Notice>
 			) }
 
-			{ userRecord.hasEdits &&
-				userRecord.editedRecord.password &&
-				hasAttemptedSave &&
-				! passwordStrong && (
-					<Notice status="error" isDismissible={ false }>
-						<Icon icon={ cancelCircleFilled } />
-						That password is too easy to compromise. Please make it longer and/or add
-						random numbers/symbols.
-					</Notice>
-				) }
+			{ hasEdits && editedRecord.password && hasAttemptedSave && ! passwordStrong && (
+				<Notice status="error" isDismissible={ false }>
+					<Icon icon={ cancelCircleFilled } />
+					That password is too easy to compromise. Please make it longer and/or add random
+					numbers/symbols.
+				</Notice>
+			) }
 
 			<p>
-				<Button isPrimary disabled={ ! userRecord.editedRecord.password } type="submit">
-					{ userRecord.isSaving ? 'Saving...' : 'Save password' }
+				<Button isPrimary disabled={ ! editedRecord.password } type="submit">
+					{ isSaving ? 'Saving...' : 'Save password' }
 				</Button>
 
 				{ window.crypto?.getRandomValues && (
diff --git a/settings/src/components/revalidate-modal.js b/settings/src/components/revalidate-modal.js
index 774165f1..d735bb1b 100644
--- a/settings/src/components/revalidate-modal.js
+++ b/settings/src/components/revalidate-modal.js
@@ -26,7 +26,11 @@ export default function RevalidateModal() {
 }
 
 function RevalidateIframe() {
-	const { setGlobalNotice, userRecord } = useContext( GlobalContext );
+	const {
+		setGlobalNotice,
+		user: { userRecord },
+	} = useContext( GlobalContext );
+	const { record } = userRecord;
 	const ref = useRef();
 
 	useEffect( () => {
@@ -39,7 +43,7 @@ function RevalidateIframe() {
 
 			// Pretend that the expires_at is in the future (+1hr), this provides a 'faster' UI.
 			// This intentionally doesn't use `edit()` to prevent it attempting to update it on the server.
-			userRecord.record[ '2fa_revalidation' ].expires_at = new Date().getTime() / 1000 + 3600;
+			record[ '2fa_revalidation' ].expires_at = new Date().getTime() / 1000 + 3600;
 
 			// Refresh the user record, to fetch the correct 2fa_revalidation data.
 			refreshRecord( userRecord );
@@ -56,7 +60,7 @@ function RevalidateIframe() {
 		<iframe
 			title="Two-Factor Revalidation"
 			ref={ useMergeRefs( [ ref, useFocusableIframe() ] ) }
-			src={ userRecord.record[ '2fa_revalidation' ].revalidate_url }
+			src={ record[ '2fa_revalidation' ].revalidate_url }
 		/>
 	);
 }
diff --git a/settings/src/components/tests/password/password.test.js b/settings/src/components/tests/password/password.test.js
index 2a3cc6b0..e3346e54 100644
--- a/settings/src/components/tests/password/password.test.js
+++ b/settings/src/components/tests/password/password.test.js
@@ -32,15 +32,17 @@ apiFetch.nonceMiddleware = { nonce: '' };
 
 // Default mock context
 const mockContext = {
-	userRecord: {
-		editedRecord: {
-			password: 'password',
-		},
-		edit: jest.fn(),
-		save: jest.fn(),
-		hasEdits: false,
-		record: {
-			'2fa_required': true,
+	user: {
+		userRecord: {
+			editedRecord: {
+				password: 'password',
+			},
+			edit: jest.fn(),
+			save: jest.fn(),
+			hasEdits: false,
+			record: {
+				'2fa_required': true,
+			},
 		},
 		isSaving: false,
 	},
@@ -57,8 +59,8 @@ describe( 'Password', () => {
 	} );
 
 	afterEach( () => {
-		mockContext.userRecord.edit.mockReset();
-		mockContext.userRecord.save.mockReset();
+		mockContext.user.userRecord.edit.mockReset();
+		mockContext.user.userRecord.save.mockReset();
 		mockContext.setGlobalNotice.mockReset();
 	} );
 
@@ -84,8 +86,8 @@ describe( 'Password', () => {
 		it( 'should display the weak password notice after submitting', () => {
 			// State: the user has updated their password to something weak
 			// although the strength is not tested here.
-			mockContext.userRecord.editedRecord.password = 'weak';
-			mockContext.userRecord.hasEdits = true;
+			mockContext.user.userRecord.editedRecord.password = 'weak';
+			mockContext.user.userRecord.hasEdits = true;
 
 			useContext.mockReturnValue( mockContext );
 
@@ -112,8 +114,8 @@ describe( 'Password', () => {
 		it( 'should display the strong password notice', () => {
 			// State: the user has updated their password to something strong
 			// although the strength is not tested here.
-			mockContext.userRecord.editedRecord.password = '@#4asdf34asdfasdf';
-			mockContext.userRecord.hasEdits = true;
+			mockContext.user.userRecord.editedRecord.password = '@#4asdf34asdfasdf';
+			mockContext.user.userRecord.hasEdits = true;
 
 			useContext.mockReturnValue( mockContext );
 
@@ -145,7 +147,7 @@ describe( 'Password', () => {
 		const input = getByLabelText( 'New Password' );
 		const newPassword = 'this is a password';
 		fireEvent.change( input, { target: { value: newPassword } } );
-		expect( mockContext.userRecord.edit ).toHaveBeenCalledWith( {
+		expect( mockContext.user.userRecord.edit ).toHaveBeenCalledWith( {
 			password: newPassword,
 		} );
 	} );
@@ -153,8 +155,8 @@ describe( 'Password', () => {
 	it( 'should submit form on button press', () => {
 		// State: the user has updated their password to something strong
 		// although the strength is not tested here.
-		mockContext.userRecord.editedRecord.password = '@#4asdf34asdfasdf';
-		mockContext.userRecord.hasEdits = true;
+		mockContext.user.userRecord.editedRecord.password = '@#4asdf34asdfasdf';
+		mockContext.user.userRecord.hasEdits = true;
 
 		useContext.mockReturnValue( mockContext );
 
@@ -171,7 +173,7 @@ describe( 'Password', () => {
 		const saveButton = buttons.filter( ( button ) => button.type === 'submit' )[ 0 ];
 		fireEvent.click( saveButton );
 
-		expect( mockContext.userRecord.save ).toHaveBeenCalled();
+		expect( mockContext.user.userRecord.save ).toHaveBeenCalled();
 	} );
 
 	it( 'should submit form on enter', () => {
@@ -186,6 +188,6 @@ describe( 'Password', () => {
 		const input = getByLabelText( 'New Password' );
 		fireEvent.submit( input );
 
-		expect( mockContext.userRecord.save ).toHaveBeenCalled();
+		expect( mockContext.user.userRecord.save ).toHaveBeenCalled();
 	} );
 } );
diff --git a/settings/src/components/tests/utlitites.test.js b/settings/src/components/tests/utlitites.test.js
index a9f313cd..37c247bc 100644
--- a/settings/src/components/tests/utlitites.test.js
+++ b/settings/src/components/tests/utlitites.test.js
@@ -9,12 +9,12 @@ import { useEntityRecord } from '@wordpress/core-data';
 /**
  * Local dependencies
  */
-import { useGetUserRecord, refreshRecord } from '../../utilities';
+import { useUser, refreshRecord } from '../../utilities';
 
 jest.mock( '@wordpress/data' );
 jest.mock( '@wordpress/core-data' );
 
-describe( 'useGetUserRecord', () => {
+describe( 'useUser', () => {
 	beforeEach( () => {
 		useSelect.mockClear();
 		useEntityRecord.mockClear();
@@ -23,37 +23,96 @@ describe( 'useGetUserRecord', () => {
 	it( 'should call useEntityRecord with correct arguments', () => {
 		useEntityRecord.mockReturnValue( { record: {} } );
 
-		useGetUserRecord( 1 );
+		useUser( 1 );
 
 		expect( useEntityRecord ).toHaveBeenCalledWith( 'root', 'user', 1 );
 	} );
 
-	it( 'should set isSaving in userRecord', () => {
+	it( 'should set isSaving in user', () => {
 		useEntityRecord.mockReturnValue( { record: {} } );
 		useSelect.mockReturnValue( true );
 
-		const result = useGetUserRecord( 1 );
+		const user = useUser( 1 );
 
 		expect( useSelect ).toHaveBeenCalled();
-		expect( result.isSaving ).toBeTruthy();
+		expect( user.isSaving ).toBeTruthy();
 	} );
 
-	it( 'should initialize password in userRecord.record if not defined', () => {
+	it( 'should initialize password in user.userRecord.record if not defined', () => {
 		useEntityRecord.mockReturnValue( { record: {} } );
 
-		const result = useGetUserRecord( 1 );
+		const user = useUser( 1 );
 
-		expect( result.record.password ).toBe( '' );
+		expect( user.userRecord.record.password ).toBe( '' );
 	} );
 
-	it( 'should not overwrite password in userRecord.record if already defined', () => {
+	it( 'should not overwrite password in user.userRecord.record if already defined', () => {
 		useEntityRecord.mockReturnValue( {
 			record: { password: 'test-password' },
 		} );
 
-		const result = useGetUserRecord( 1 );
+		const user = useUser( 1 );
 
-		expect( result.record.password ).toBe( 'test-password' );
+		expect( user.userRecord.record.password ).toBe( 'test-password' );
+	} );
+
+	it( 'should set hasPrimaryProvider to false if user.userRecord.record is undefined', () => {
+		useEntityRecord.mockReturnValue( {} );
+
+		const user = useUser( 1 );
+
+		expect( user.hasPrimaryProvider ).toBe( false );
+	} );
+
+	it( 'should set hasPrimaryProvider to false if 2fa_available_providers is undefined', () => {
+		useEntityRecord.mockReturnValue( { record: {} } );
+
+		const user = useUser( 1 );
+
+		expect( user.hasPrimaryProvider ).toBe( false );
+	} );
+
+	it( 'should set hasPrimaryProvider to false if 2fa_available_providers is empty', () => {
+		useEntityRecord.mockReturnValue( { record: { '2fa_available_providers': [] } } );
+
+		const user = useUser( 1 );
+
+		expect( user.hasPrimaryProvider ).toBe( false );
+	} );
+
+	it( 'should set hasPrimaryProvider to false if 2fa_available_providers only has Two_Factor_Backup_Codes', () => {
+		useEntityRecord.mockReturnValue( {
+			record: { '2fa_available_providers': [ 'Two_Factor_Backup_Codes' ] },
+		} );
+
+		const user = useUser( 1 );
+
+		expect( user.hasPrimaryProvider ).toBe( false );
+	} );
+
+	it( 'should set hasPrimaryProvider to true if 2fa_available_providers has Two_Factor_Totp', () => {
+		useEntityRecord.mockReturnValue( {
+			record: { '2fa_available_providers': [ 'Two_Factor_Totp', 'Two_Factor_Backup_Codes' ] },
+		} );
+
+		const user = useUser( 1 );
+
+		expect( user.hasPrimaryProvider ).toBe( true );
+	} );
+
+	it( 'should set hasPrimaryProvider to true if 2fa_available_providers has TwoFactor_Provider_WebAuthn', () => {
+		useEntityRecord.mockReturnValue( {
+			record: {
+				'2fa_available_providers': [
+					'TwoFactor_Provider_WebAuthn',
+					'Two_Factor_Backup_Codes',
+				],
+			},
+		} );
+
+		const user = useUser( 1 );
+
+		expect( user.hasPrimaryProvider ).toBe( true );
 	} );
 } );
 
diff --git a/settings/src/components/totp.js b/settings/src/components/totp.js
index e8ea2faa..3c158ad7 100644
--- a/settings/src/components/totp.js
+++ b/settings/src/components/totp.js
@@ -15,7 +15,9 @@ import { refreshRecord } from '../utilities';
 import { GlobalContext } from '../script';
 
 export default function TOTP() {
-	const { userRecord } = useContext( GlobalContext );
+	const {
+		user: { userRecord },
+	} = useContext( GlobalContext );
 	const availableProviders = userRecord.record[ '2fa_available_providers' ];
 	const totpEnabled = availableProviders.includes( 'Two_Factor_Totp' );
 
@@ -30,7 +32,11 @@ export default function TOTP() {
  * Setup the TOTP provider.
  */
 function Setup() {
-	const { clickScreenLink, setGlobalNotice, userRecord } = useContext( GlobalContext );
+	const {
+		clickScreenLink,
+		setGlobalNotice,
+		user: { userRecord },
+	} = useContext( GlobalContext );
 	const [ secretKey, setSecretKey ] = useState( '' );
 	const [ qrCodeUrl, setQrCodeUrl ] = useState( '' );
 	const [ error, setError ] = useState( '' );
@@ -278,7 +284,10 @@ function SetupForm( { handleEnable, qrCodeUrl, secretKey, inputs, setInputs, err
  * Disable the TOTP provider.
  */
 function Manage() {
-	const { userRecord, setGlobalNotice } = useContext( GlobalContext );
+	const {
+		user: { userRecord },
+		setGlobalNotice,
+	} = useContext( GlobalContext );
 	const [ error, setError ] = useState( '' );
 
 	// Enable TOTP when button clicked.
diff --git a/settings/src/script.js b/settings/src/script.js
index 3eab2be3..6387124f 100644
--- a/settings/src/script.js
+++ b/settings/src/script.js
@@ -15,7 +15,7 @@ import { Card, CardHeader, CardBody, Spinner } from '@wordpress/components';
 /**
  * Internal dependencies
  */
-import { useGetUserRecord } from './utilities';
+import { useUser } from './utilities';
 import ScreenLink from './components/screen-link';
 import AccountStatus from './components/account-status';
 import Password from './components/password';
@@ -54,8 +54,11 @@ function renderSettings() {
  * @param props.userId
  */
 function Main( { userId } ) {
-	const userRecord = useGetUserRecord( userId );
-	const { record, edit, hasEdits, hasResolved } = userRecord;
+	const user = useUser( userId );
+	const {
+		userRecord: { record, edit, hasEdits, hasResolved },
+		hasPrimaryProvider,
+	} = user;
 	const [ globalNotice, setGlobalNotice ] = useState( '' );
 	let currentUrl = new URL( document.location.href );
 
@@ -156,29 +159,22 @@ function Main( { userId } ) {
 	);
 
 	if ( 'account-status' === screen ) {
-		screenContent = (
-			<div className={ 'wporg-2fa__account-status' }>
-				<AccountStatus />
-			</div>
-		);
+		screenContent = <AccountStatus />;
 	} else if (
 		twoFactorRequiredScreens.includes( screen ) &&
-		userRecord.record[ '2fa_available_providers' ] &&
-		userRecord.record[ '2fa_revalidation' ] &&
-		userRecord.record[ '2fa_revalidation' ].expires_at <= new Date().getTime() / 1000
+		hasPrimaryProvider &&
+		record[ '2fa_revalidation' ]?.expires_at <= new Date().getTime() / 1000
 	) {
 		screenContent = (
 			<>
-				<div className={ 'wporg-2fa__account-status' }>
-					<AccountStatus />
-				</div>
+				<AccountStatus />
 				<RevalidateModal />
 			</>
 		);
 	}
 
 	return (
-		<GlobalContext.Provider value={ { clickScreenLink, userRecord, setGlobalNotice } }>
+		<GlobalContext.Provider value={ { clickScreenLink, user, setGlobalNotice } }>
 			<GlobalNotice notice={ globalNotice } setNotice={ setGlobalNotice } />
 			{ screenContent }
 		</GlobalContext.Provider>
diff --git a/settings/src/utilities.js b/settings/src/utilities.js
index 20f30bf8..6f9c006d 100644
--- a/settings/src/utilities.js
+++ b/settings/src/utilities.js
@@ -2,39 +2,51 @@ import { useSelect } from '@wordpress/data';
 import { store as coreDataStore, useEntityRecord } from '@wordpress/core-data';
 
 /**
- * Fetch the user record.
+ * Get the user.
  *
  * @param userId
  */
-export function useGetUserRecord( userId ) {
+export function useUser( userId ) {
 	const userRecord = useEntityRecord( 'root', 'user', userId );
-
-	userRecord.isSaving = useSelect( ( select ) =>
+	const isSaving = useSelect( ( select ) =>
 		select( coreDataStore ).isSavingEntityRecord( 'root', 'user', userId )
 	);
 
-	// Initialize the password as an empty string, necessary for resetting incomplete state when leaving the password setting page.
-	if ( userRecord.record && undefined === userRecord.record.password ) {
-		userRecord.record.password = '';
+	const availableProviders = userRecord.record?.[ '2fa_available_providers' ] ?? [];
+	const primaryProviders = [ 'Two_Factor_Totp', 'TwoFactor_Provider_WebAuthn' ];
+	const hasPrimaryProvider = !! availableProviders.filter( ( provider ) =>
+		primaryProviders.includes( provider )
+	).length;
+
+	const user = {
+		userRecord: { ...userRecord },
+		isSaving,
+		hasPrimaryProvider,
+	};
+
+	// Initialize the password as an empty string, necessary for resetting incomplete state when
+	// leaving the password setting page.
+	if ( user.userRecord.record && undefined === user.userRecord.record?.password ) {
+		user.userRecord.record.password = '';
 	}
 
-	return userRecord;
+	return user;
 }
 
 /**
  * Refresh a `useEntityRecord` object from the REST API.
  *
  * This is necessary after an the underlying data in the database has been changed by a method other than
- * `record.save()`. When that happens, the `record` object isn't automatically updated, and needs to be manually
+ * `userRecord.save()`. When that happens, the `userRecord` object isn't automatically updated, and needs to be manually
  * refreshed to get the latest data.
  *
  * todo Replace this with native method if one is added in https://github.com/WordPress/gutenberg/issues/47746.
  *
- * @param record An record object that was generated by `useEntityRecord()`.
+ * @param userRecord An userRecord object that was generated by `useEntityRecord()`.
  */
-export function refreshRecord( record ) {
+export function refreshRecord( userRecord ) {
 	// The fake key will be ignored by the REST API because it isn't a registered field. But the request will still
 	// result in the latest data being returned.
-	record.edit( { refreshRecordFakeKey: '' } );
-	record.save();
+	userRecord.edit( { refreshRecordFakeKey: '' } );
+	userRecord.save();
 }