No, Apple does not recommend nor require two Apple devices - Two-factor authentication for Apple ID - Apple Support
When a code is needed, it is sent by encrypted iCloud push notification to all of your trusted devices. A trusted device is one you have signed into iCloud on with your AppleID and password and is listed under your trusted devices at https://appleid.apple.com/
You must register at least one SMS enabled telephone number as a backup contact if iCloud push notifications are not working. And you are strongly encouraged to register at least another SMS capable number or a voice telephone number as an additional backup. This is especially true if you have only one Apple trusted device such as only an iPhone where your trusted device and trusted SMS capable number would be the same device.
From the above linked document:
”Trusted phone numbers
A trusted phone number is a number that can be used to receive verification codes by text message or automated phone call. You must verify at least one trusted phone number to enroll in two-factor authentication.
You should also consider verifying an additional phone number you can access, such as a home phone, or a number used by a family member or close friend. You can use this number if you temporarily can't access your primary number or your own devices.”
and
“What if I can't access a trusted device or didn't receive a verification code?
If you're signing in and don’t have a trusted device handy that can display verification codes, you can have a code sent to your trusted phone number via text message or an automated phone call instead. Click Didn't Get a Code on the sign in screen and choose to send a code to your trusted phone number. You can also get a code directly from Settings on a trusted device. Learn how to get a verification code.
If you use iOS 11.3 or later on your iPhone, you might not need to enter a verification code. In some cases, your trusted phone number can be automatically verified in the background on your iPhone. It’s one less thing to do, and your account is still protected with two-factor authentication.”