I can find no mention of a recovery key for Apple's Two Factor Authentication (which is different than Two-Factor Verification). Where does one find this?
The old system pushed 4-digit OTP's from Apple to a trusted device of your choice using the Find-My-(iPhone|iPad|Mac) system or an SMS. Only iOS devices could be registered as "trusted" for this system.
The new system shows login attempts on all trusted devices (iOS9 or OS X 10.11 devices) automatically including basic GeoIP location, and will show a six-digit OTP if you want to allow the session. It also allows trusted devices to generate verification codes (a six digit OTP) when offline, e.g. if you need to login to iCloud.com from a public computer but your phone has no data/cell service. Or if for example you have your Macbook with you, but no Wifi access, and your phone battery is flat, and you need to access your account via another computer.
> Surprised Apple would launch something like this
Why is this surprising? They've had 2-step verification available for several years, this is an improvement over that.
> Yes. Two-factor authentication is a new service built directly into iOS 9 and OS X El Capitan. It uses different methods to trust devices and deliver verification codes, and offers a more streamlined user experience.
Basically, it uses a (presumably) more secure method for handling verification. One benefit of this is OS X computers can now be trusted devices that display verification codes (Two-Step Authentication only allows iOS devices to be trusted devices)
