I realize that I am responding to an old thread, but I would NOT recommend 2FA.
I had my account compromised (they won't tell me how someone could have done this). Someone got in changed my password and changed the trusted device (which was my phone) to their phone (not sure in which order they did this). I had an iPad that was stolen and they suspect it was done through that. I have been battling with Apple over this. According to them, since I had 2FA and my account was compromised, they won't help me get my account back. In addition, I have thousands of dollars in equipment that is now activation locked and I've lost all of the purchases I've made. Had I not had 2FA, they would have been able to get me my account back.
Apple said that I can dig up the receipts for my devices and have them wiped at an Apple store. I begrudgingly did this and when I got to the store, I was told that my receipts from Best Buy, Target, and the Apple store itself are not valid proof since they don't show the serial number. So now, I have thousand of dollars in paperweights. Apple is flipping me the bird and my kids are crying since they can't really use their iPads. Their favorite game no longer works since it requires an update.
To add insult to injury, I asked them to remove the credit card from my old account. They said No and that I would have to cancel the card. The problem is, I don't know which card was on my account. They won't even give me the last 2 digits so that I can cancel the correct card.
The frustration I am experiencing is beyond belief. Especially, since it is so simple for me to verify my identity and whoever has my account cannot. (I can walk into an Apple Store with my driver's license and credit card on the account....I'll have to bring them all since I don't know which one it is) I also still have access to the email for which the account is setup. That was never compromised.
So......I will NOT be using 2FA.