Traditionally, access to online services was protected (typically) only by a username and a password. This type of authentication can be described as a Single-Factor...
Some applications contain sensitive information, therefore require an extra layer of security besides just username and password. There are a lot of ways to add that extra layer...
