Two Factor authentication adds an additional step to the authentication process. In addition to requiring a valid email and password to authenticate, a two factor authentication code is required.
The general idea of Two Factor authentication is to require something you know and something you have to complete authentication. Using this pattern protects the User against having their credentials compromised because even if you know someone’s email and password, unless you also possess the device that generates the two factor authentication code you are not able to complete an authentication process. In most cases the device the user will possess will be a mobile phone.