Does anyone else implement two-factor authentication this way? Because that’s unbelievably stupid. Why would you need to reset an attacked account’s password if they have two-factor auth? And how can you expect 99% of your users to keep a copy of their recovery key — especially when your own website points out that they’ll be able to create another as long as they’ve got their original password and device? This is a policy that can only, mathematically, end up locking out 100% of Apple’s users over time.
I have my recovery key in 1Password, but I’m considering turning two-factor off for my account (assuming that’s even possible), because Apple’s online services can’t be trusted with anything and I feel pretty stupid for signing up to be an early adopter of new security measures that of course they rushed to implement without understanding the consequences.
Don’t forget that, since iOS 7, your devices are locked to your iCloud account. So “just create another account” doesn’t only make you lose everything you’ve ever bought on the App Store.