Like real password recovery, 2FA isn't possible. Both need a 3rd party involved. The blockchain can (shall) not be connected to an external centralized service. You never know how long those last. Imagine Google 2FA going down, and nobody being able to access their accounts.

The password recovery here is a compromise. By this feature, Steemit inc. (or whoever you choose later manually) has the option to revoke a key change, nothing else. This was introduced to help out when your account was hacked. The limit of 30 days is in place, because it wouldn't be possible to sell an account otherwise. The old owner could just initiate a change to the old keys any time.