Multi-factor authentication, also known as Two Factor Authentication or 2FA, is an electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.
Something you know and something you have
Access is granted to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).
Biometric scanners for fingerprints and retinas or faces are on the upswing thanks to innovations such as Apple's Face ID and Windows Hello. But in most cases, the extra authentication is simply a numeric code; a few digits sent to your phone, which can only be used once.
Be aware that setting up 2FA can actually break access within some older services. In such cases you must rely on app passwords—a password you generate on the main website to use with a specific app (such as Xbox Live). You'll see app passwords as an option with Facebook, Twitter, Microsoft, Yahoo, Evernote, and others—all of which either are used as third-party logins or have functions you can access from within other services. The need for app passwords is, thankfully, dwindling with the passage of time.