Most folks cannot remember some useless "fact" they may have provided a year ago as a security question. (What was your 3rd grade teacher's first name? (I actually did get that one as an option. In the third grade my teacher's first name was "Mrs.")). And it gets worse if I make up a fake answer because then I have to remember that I told this site her name was Joan, but told that site it was Barbara. And I don't want to tell both the same, as that reduces overall security. So rather than muck with questions and then having to help someone who can't remember the name of the first pet their parents adopted after they moved out of the house (yes, I got that one, too), establishments moved to 2FA, where they send a temporary code to your trusted device for you to enter and which expires in a couple of minutes.
Let's be honest, you should be responsible for the security of your stuff. Put a strong password on your Mac and use it. Put at least a six digit password on your iPhone and iPad, and use it. Make your AppleID password really obnoxiously difficult and then use some security package to remember that 24 digit, random letters and symbols password for you. Make it something like "WqUt.QJdWPMsxW4vtBxvQu6N." (Not a password I use, btw.) Never reuse a password. Put a really strong passphrase (yes, multiple words) on that password keeper system. Put your system to sleep when you walk away from it. Ditto for your iDevice(s). The 2FA will then be useful because even if your stuff gets stolen, those strong passwords will prevent them from being used to access your account. But if you have no password, or some really simple one, then you are contributing the major part of the problem. And no passcode, pass image, questions process will protect you from yourself.
Here is a suggestion. There is an application called What 3 Words (what3words.com) that has divided the world into 1 meter squares and then given each of those squares a unique three word name. They designed it for GPS/SatNav navigation at greater detail than just a street address or postal code. So, need a strong password? Pick a spot from what3words, get the words and run them together. twirlsfacedlevels is not something likely to be easily guessed, but it's easy to remember I used the top of the Arc d'Triomphe to get the three of them. You could use your home front door, or back door, or apartment rooftop, or driveway--all of them have a different three word locator. Just don't pick something obvious like the Eiffel Tower, or White House, or Mt. Everest, although even with those, given the 1 meter square naming, you could probably get away with it as long as you remember to use the top of Nelson's Column in Trafalgar Square (powderlogsevenly) or the end of the awning at the south side of the White House (wedsstrokewooden). But your kids' favorite swing at the park? Where you crashed your car into that light pole? Where you were when you heard about the 9/11 event? You could even have a pretty clear hint for the location and still be relatively secure. To a thief "Favorite swing," "Crashed light pole," and "9/11" are not useful hints, but they could be enough to trigger you to go to What3words and get the passwords back.
Security isn't really hard, you just have to take the responsibility for it. 2FA makes it easier for you, harder for bad guys, but you do have to protect your stuff.
