Since Apple refuses to allow merging of Apple IDs, I have multiple IDs: iCloud, iTunes and other. The way Apple implemented this, you have to use the Find My IPhone app or SMS. The Find My iPhone app is tied to iCloud so it can only be used with an iCloud account, making it useless for a separate iTunes account which is where my devices are registered. That leaves SMS, which also has issues since the same phone number can't be used for different accounts. Plus many people, myself included, don't pay for SMS so it costs them 20 cents per validation.
So Apple's whole 2 steps authentication fails as it has for most companies. Some, like Yahoo, can't even get it to work at all. I've never received a single verification SMS from Yahoo, no matter how many I request. Yahoo simply refuses to send it to me, despite my carrier being on their approved list. Yahoo's 2-factor implementation is rock bottom.
On the other end of the spectrum is Google, who is among only a handful of companies who have got 2-factor authentication right. With Google's one app, I can verify any number of Google and even Dropbox accounts. Other companies like Blizzard and Paypal (Verisign) use the same method.
Personally, I think all companies should use Google's authentication app of something similar. Implementing 2-factor authentication requiring SMS or an active Internet connection is simply a fail.