Apple uses a clever trick for hard disk encryption, where lots of people managed to encrypt their hard drive and then didn't know the encryption key: When it's first turned on, your hard drive isn't actually encrypted. You need to enter your encryption password once more. Only then does the encryption start. If you forgot your password at that point, which happened to a huge number of people, then encryption was turned off (which was simple since nothing was encrypted).
Apple could do that with two-factor authentication: For two days, they could just _pretend_ you have two-factor authentication, and after two days they ask you for your recovery key. Only if you have it, the real two-factor authentication is turned on. Of course this can't help if you lose the recovery key later, but it helps really stupid users.