Apple two-factor authentication is faulty. It sends the two factor security code to the same device from which I am requesting a log-in

Apple two-factor authentication is faulty. It sends the two factor security code to the same device from which I am requesting a log-in. If I need to sign in to Apple ID, Icloud etc, I receive the code on the same device that I am trying to log in on. this is NOT 2 factor authentication. Additionally, when I just changed my apple ID password using my Macbook Pro, I could not log-in to apple ID using the same password on my phone. When I requested to change my Apple ID password on the phone, I was able to use the same password as the new password, eventually. However, I am quite confused about how this is supposed to work, because it doesn't.

The reason I needed to change my password was because I received a notification that someone tried to change my Apple ID password. So I decided I had better try to change it myself. this proved difficult, as some devices would not work with the new password. I wanted to change my apple ID itself, but since it needs to be a valid email address, this is not possible. Why can't we use a different user ID than an email address? This seems to be a major security vulnerability, as millions of people know what my email address is and can request to change the password. And because Apple 2-factor authentication sends the security code to the requesting device, it is not a secure system. Very much a flawed system.