Both 2FA and 2SV are ok, but...

There are many easy hacks for 2FA and 2SV because the weak link is SMS. So, both are inherently secure, it is the out of band attacks that are very easy to carry out. Too many recovery methods make both easy to circumvent. They actually give a false sense of security. I find it surprising that Apple will send the code to multiple devices and even the one thieves are attempting to get into. The easiest work around for this is to have an authentication app, or one of those that already exist. Google (Gmail), Microsoft (Outlook.com), even Amazon support authentication apps. This way only one device has the one time code. Actually there are a lot more firms doing the authentication app. When is Apple going to do this?