2FA protects against a range of password attacks, but is obviously dependent on your ability to authenticate with this 2nd factor, meaning 2FA also adds a new, previously not present, risk.
The recovery code is there to reduce this new risk so you can perform authentication without MFA in exceptional circumstances.
How is this different from normal password authentication?
If implemented correctly (there is no guarantee):
First of all, you cannot choose recovery codes as you choose a password. The recovery code is generated for you so it is unique, limiting exposure only to that specific application/service. They can also only be used once.
Secondly, this is not the normal authentication flow, and authentication with recovery codes is monitored extensively. Very often there are additional restrictions in place, such as no possibility to change key account information, etc. If misuse is detected, preventive actions are taken to protect you.
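The properties described in this answer (server-generated codes the user cannot choose, stored only as hashes, burned after a single use, with the recovery login flagged as restricted and audited) as an added example; this is illustrative code written for this page, not the implementation of any particular service, and the code length, alert threshold and pepper value are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

CODE_COUNT = 8               # single-use codes issued per enrolment (assumption)
CODE_BYTES = 5               # 40 bits of entropy per code (assumption)
FAILED_ALERT_THRESHOLD = 3   # raise an alert after this many bad codes (assumption)

def _hash(code: str, pepper: bytes) -> str:
    # Codes are stored only as a keyed hash, like passwords, so a database
    # leak does not hand out usable recovery codes.
    return hmac.new(pepper, code.encode(), hashlib.sha256).hexdigest()

class RecoveryCodeStore:
    """Per-account recovery-code state: server-generated, single-use, audited."""

    def __init__(self, pepper: bytes):
        self.pepper = pepper
        self.unused: set = set()
        self.failed = 0
        self.audit: list = []

    def issue(self) -> list:
        # The user cannot pick these: they are random, unique to this service
        # and shown exactly once. Only their hashes are kept server-side.
        codes = [secrets.token_hex(CODE_BYTES) for _ in range(CODE_COUNT)]
        self.unused = {_hash(c, self.pepper) for c in codes}
        self.failed = 0
        self.audit.append("recovery_codes_issued")
        return codes

    def redeem(self, code: str) -> Optional[dict]:
        # Returns a restricted session on success, None on failure.
        digest = _hash(code.strip().lower(), self.pepper)
        match = next((h for h in self.unused if hmac.compare_digest(h, digest)), None)
        if match is None:
            self.failed += 1
            self.audit.append("recovery_code_failed")
            if self.failed >= FAILED_ALERT_THRESHOLD:
                self.audit.append("ALERT_recovery_code_guessing")
            return None
        self.unused.remove(match)          # single use: burn the code
        self.audit.append(f"recovery_code_used remaining={len(self.unused)}")
        if not self.unused:
            self.audit.append("ALERT_all_recovery_codes_used")
        # Not the normal login flow: flag the session so that changes to key
        # account information (email, phone, MFA reset) can be refused.
        return {"authenticated": True, "restricted": True, "can_change_key_info": False}
```

Every event appended to `audit` is what the monitoring the answer mentions would consume; the restricted session dict is what the rest of the application checks before allowing sensitive changes.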