How to keep the Apple ID account safe?

I need help keeping my Apple ID safe regarding the "changing password" process on iPhone (or iPad).

Unlike the browser environment, the field "current password" is not required and two-factor confirmation to the device is not required to complete the changing process. This seems potentially problematic because anyone who gets the iPhone's unlock code through threat, coercion or spying could be able to change the victim's Apple ID password, disable the Recovery Key or delete trusted contacts. The same applies if the "Screen Time" code is activated to prevent "Account Changes"/"Code Changes": again, with coercion or threat, a third person could potentially take control of the account.

Any thoughts?

Thank you.

Posted on Jul 1, 2022 12:42 PM


Jul 1, 2022 3:12 PM in response to Katana-San

The obvious suggestion is to use the same process available on a desktop device. I also provided that feedback, but nothing changed. I don't know if it is a developing limitation. That's why I'm here: maybe an expert could have another insight I didn't get.


Apple considers it the expected behavior, if two-factor authentication is enabled, that any trusted device can change the password with the device passcode.


Once you're logged in, your device is automatically considered a trusted device. Or is it possible to keep the login and the device won't be considered a trusted device?



Jul 1, 2022 1:32 PM in response to leo.037

Hello ~ I have both a password and two-factor enabled on my iPhone, plus Find My activated. My password is an extra secure one, not one that could be easily guessed … actually nearly impossible. Should my iPhone be stolen, I would work through the steps here:


If your iPhone, iPad, or iPod touch is lost or stolen - Apple Support


Do you have a password (Lock Screen) set? No one can get to the last screen you have shown without your password … which you should share with no one. If someone were to keep guessing my passwords, it would then disable the devices.


~Katana-San~

Jul 1, 2022 2:20 PM in response to Katana-San

How could you log into iCloud if the robber changed your Apple ID password and can deactivate Recovery Key and delete trusted contacts?


My point here is:

If I want to change my Apple ID password on a desktop device I have to confirm access on an external device through two-factor authentication and type the "current password". Those are terrific security layers that seem not to be available on the iOS environment.


Of course, no one should care about the device in a safety risk situation. But safety is about extreme situations. No one uses a seat belt thinking of a crash, but "what if?". Everyone can buy a new device, but what about your privacy? What if you're working on a secret project stored on iCloud, for example?


Again, my point is: why doesn't iOS provide the same security layers available on desktop devices?


I think this is hugely serious.

Jul 1, 2022 1:19 PM in response to khajotia

Thank you.


But in iOS, the Password & Security screen doesn't have the "current password" field. Once a third person has the lock screen code, he or she can just create a new Apple ID password. The two-factor authentication also isn't required if a password change is made on iPhone or iPad.


My point here is: the browser environment requires both security layers. But mobile devices like iPhone or iPad, which are more likely to be stolen, do not (or don't seem to require them).


See the difference:




Jul 1, 2022 1:40 PM in response to Katana-San

The problem is that anyone who gets the iPhone's unlock code through threat or coercion could be able to change the victim's Apple ID password, disable the Recovery Key or delete trusted contacts, for example.


Imagine a robbery situation. The thief takes the mobile device and forces the victim to provide the unlock code. He will be able to change the Apple ID password and disable security features because the two-factor confirmation is not prompted.


