I highly recommend that everyone use two-factor authentication on as many accounts as they can, but there has always been one particularly scary aspect to Apple’s implementation of this. When you enable two-step verification on an Apple ID, you are essentially cutting off Apple support from ever being able to help you with your account again. According to Sophos, this will be changing with OS X El Capitan and iOS 9.
With the new 2FA system, Apple customer support will work through a detailed recovery process with users who lose access to all their trusted devices and phone numbers.
The company will review your case and contact you at the number provided when your Apple ID is ready for recovery. After that, an automated message will direct you to iforgot.apple.com to complete the required steps and regain access to your account.
The company says it will take a few days – or longer – to recover accounts this way, depending on how much information you can provide to verify that you really are the account owner.
I feel much more comfortable with this method. While locking an account forever had the advantage of preventing social engineering attacks like the one that hit Mat Honan, it had a pretty extreme downside. Any issue that locked you out of your Apple ID meant that your Apple ID was lost forever. No force on earth could get it back. Given the amount of important data tied to Apple IDs (purchases, cloud storage, device registrations), this was too heavy a hammer. Having a slow and methodical process to recover access to an account is a more appropriate balance between security and good customer service.