Apple introduced two-factor authentication in 2015 as an improved version of its two-step verification method for securing an Apple ID account with both a password and a secondary form of verification. Two-factor authentication requires an Apple device with iOS 9, OS X El Capitan, watchOS 2, any tvOS version, or later.
The two security methods are similar in many ways, but two-factor authentication automatically sends a six-digit verification code to all trusted devices registered to a given Apple ID, whereas two-step verification manually prompts users to send a four-digit code to any SMS-capable trusted device registered.
Two-factor authentication also displays a map on all trusted devices with an approximate location of where an Apple ID sign-in attempt occurred when a user is trying to access the account from an unknown device or on the web.
Apple's two-factor authentication method disables the Recovery Key by default, since offline verification codes can be generated on trusted devices in the Settings app. On iOS, users can still enable the Recovery Key as a backup method in Settings > Apple ID > Password & Security > Recovery Key.
The full text of the email is copied below:
If you install the iOS 11 or macOS High Sierra public betas this summer and meet the basic requirements, your Apple ID will be automatically updated to use two-factor authentication. This is our most advanced, easy-to-use account security, and it's required to use some of the latest features of iOS, macOS, and iCloud.iOS 11 and macOS High Sierra public betas will be available in late June through the Apple Beta Software Program. The software updates will be available for all eligible iOS devices and Macs in the fall.
Once updated, you'll get the same extra layer of security you enjoy with two-step verification today, but with an even better user experience. Verification codes will be displayed on your trusted devices automatically whenever you sign in, and you will no longer need to keep a printed recovery key to make sure you can reset a forgotten password.