The recovery code is meant to reassure users, especially those who have enabled two-step verification, that they are going to be able to access their account even if one or both authentication factors fail for any reason. Once the code is created, users can write it down and keep it in a safe place, to use in case of the aforementioned emergency.
The option to view recent account activity will help users to keep an eye on their own account use and change of security information, but most importantly will show whether someone else has (successfully or unsuccessfully) tried to gain access to the account, and has rooted around it:
"For each type of activity, we show you what kind of device and browser was used, and what location the request came from," explains Eric Doerr, Group Program Manager, Microsoft Account.
"If you see something suspicious, there’s an easy 'This wasn’t me' button that will help you take steps to protect your account."
Finally, security notifications can now also be received via SMS. Up to now, the notifications were only sent to the primary email address (users can't opt-out of this security feature). Many users are not checking their email accounts regularly, but usually have their mobile phones always with them and always on.