that's the point. if you've setup any other devices and they are still logged in, they will get the popup regardless of SMS phone number.
I've had none of these problems. That's not to say they don't exist, but the root cause it seems of the OP's issue is not being able to revalidate the account and get a new password. Once the new password is established, then getting the account setup on one device, then another and another is not problematic.
If one can't recall the password, or the security phrases setup, or the credit card on file, or if other devices are not signed in - then yes, getting that re-authentication and/or password reset is difficult. Should be doable in short order once you get through all those other validation steps though. The last time I did this for someone else (who had forgotten or misplaced all those details and the CC had expired so they had disposed of the card) I ended up being able to authenticate the user by items they had ordered on the app store, movies, apps downloaded, essentially a HISTORY of usage. Apple is pretty prepared to work with the user to re-authenticate.
As to the 2FA or 2 step? Isn't that essentially the same thing? If it's two STEP then there are two FACTORS required. The initial account name and password (considered ONE factor) and then the authentication CODE which is send either to a trusted device or SMS. Without BOTH of these two unique elements it won't authenticate a new (or even known but low usage) device.
[doublepost=1518115345][/doublepost]
or just use the google authenticator APP. I think apple will move in this direction as well, soon enough. Technically, this technology has been around for decades..