Setting up two factor authentication security issue
I have just tried again to set up two factor authentication for Apple ID and have backed off for the same reason as last time when this was first introduced, when two step authentication was abandoned. At some point in the set up you are asked to enter not your Apple ID password but your device passcode. Nobody, not even the Pope, gets my device passcode and I have never before in any interaction with Apple been asked to provide this. Surely I cannot be the only person that finds this unacceptably intrusive and a breach of security? When you reach this point there are all sorts of dire warnings about iCloud data- I never use any aspect of iCloud except for Find my phone/Mac so that doesn't bother me except that you also find that all sorts of setting in iCloud which were firmly off are suddenly on!
Why is this being done? However much I trust Apple, they are not getting the plaintext of my device access codes. My concern is that for the moment you can avoid this by having security questions instead, but what if this is stopped? Will the choice be between giving up your most precious password, or reverting to pen and paper?
iPhone 8, iOS 11.2.6