I got those points, Patrick. But from your description, the 2FA worked exactly as designed. Changes were requested, the system asked for confirmation of his authority to make the changes. I don't know what the "unnecessary problems" were, but the 2FA seems to have worked. In any event, it's not Apple's implementation. When I try to do something that Apple thinks is security involved, I get a code on my iPhone, iPad, Watch and on Messages on my MBP to be put into the appropriate input space on the screen. All of those devices have security set up to be used by just me--facial recognition on my iPhone, Watch tied to the iPhone, iPad uses fingerprint, MBP has a password for my account. If someone tries to make a change to MY AppleID, for example, as soon as they try, the code comes to me, not them. If my devices are stolen, they have the security mechanisms I've already listed. So basically, when 2FA kicks in for me, it's dead simple to get the security code into any and all of those devices to satisfy the security check.
I've only seen one mess up with 2FA. My wife was out for the day and I decided to do some updating on her Mac. I had her AppleID and password, so I thought I was set. Some of the changes were simple, but one required 2FA. The challenge was that she had her iPhone with her, so the code I needed went to her. When I realized that, I just left it and figured I'd come back to it when she came home. She did call a few minutes later about the strange code on her iPhone, worried it was somehow a security issue. I told her what I was doing, we laughed about it and let it go. When she got home, I repeated the thing I wanted to do, got the code on her iPhone, entered it and the process finished. I called it a "mess up" but the only mess was me forgetting that what I wanted to do was a security issue. 2FA worked perfectly but the user had a fault.