Authentication means proving you are who you say you are and that you have permission to do what you are trying to do. This is usually achieved by providing credentials in the form of an identifier (name or email) and a password. The effectiveness of this method relies solely on the strength of the password and on how well the password-reset path is protected, i.e. secured access to the associated email account.

As methods of cracking passwords or illegitimately accessing others' emails improve and increase in use, relying on this "single factor" authentication is no longer enough. So how do we combat this? We can encourage (or enforce) people to use more secure passwords, but secure passwords can be challenging to remember. This can lead to people reusing the same password in multiple systems, which completely nullifies the security of the password if it is uncovered.

What is needed is another factor of authentication, another way to prove you are who you say you are. This factor can take the form of biometric identification, access confirmation in a linked app on another device, a hardware "key", or probably the most common type: a one-time password.

This concept is borrowed from cryptography, where the sender and receiver of an encrypted message have agreed ahead of time to use the same secret key to encode and decode the message. Once this key has been used, it is discarded — never to be used again. Hence "one time".

This second factor in authentication takes the form of a short passcode that is requested after the system accepts your identifier and password. This passcode can be provided by a specialised authentication app, a hardware device, or via SMS to a phone number connected to the account. These two systems have agreed ahead of time** what the passcode will be, and you have a limited time to enter the correct passcode.

The single-use, limited-lifespan and separate-device requirements of these passcodes mean that a person with malicious intent needs not only your identifier and password, but also access to your authentication device.
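The article says the two systems "agree ahead of time" on the passcode and that each code is single-use with a limited lifespan. The most common way authenticator apps achieve this is the time-based one-time password scheme (TOTP, RFC 6238, built on HOTP, RFC 4226): both sides share a secret at enrolment, and the code is an HMAC of the current 30-second time step, so no code ever travels between the two systems. The following is an added example, not code from the article; it implements that scheme from the standard library and adds a verifier that enforces the single-use and limited-lifespan properties. The class and function names are the example's own, and the secret used in the test is the published RFC test secret, not anything tied to a real account.

```python
import base64
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC the 8-byte big-endian counter, then dynamically
    truncate to a `digits`-digit decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter set to the current time step.
    The authenticator app runs exactly this with the same secret."""
    return hotp(secret, int(at_time) // step, digits)


def enroll() -> tuple:
    """Enrolment: the server generates a random 160-bit secret and shows it
    to the user as base32 (the text behind the QR code). This is the
    'agreed ahead of time' shared secret; it is never sent again."""
    secret = secrets.token_bytes(20)
    return secret, base64.b32encode(secret).decode()


class TotpVerifier:
    """Server-side check that a submitted code is valid for a time step close
    to 'now', and that no code from an already-used step is accepted again."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window        # accept +/- this many steps of clock skew
        self.last_counter = -1      # highest time step already consumed

    def verify(self, submitted: str, now: int) -> bool:
        current = int(now) // self.step
        for delta in range(-self.window, self.window + 1):
            counter = current + delta
            if counter <= self.last_counter:
                continue            # single-use: that step has already been spent
            expected = hotp(self.secret, counter, self.digits)
            # constant-time comparison so the check does not leak which digits matched
            if hmac.compare_digest(expected, submitted):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    # Constructed demo: secret is the RFC 4226/6238 test secret, not a real one
    demo_secret = b"12345678901234567890"
    print("code at T=59:", totp(demo_secret, 59))
    server = TotpVerifier(demo_secret)
    print("first use accepted:", server.verify(totp(demo_secret, 59), 59))
    print("replay accepted:", server.verify(totp(demo_secret, 59), 59))
```

The `window` parameter is the practical compromise behind "limited time to enter the passcode": the phone's and server's clocks are never perfectly aligned, so one step either side is usually accepted, but `last_counter` guarantees that within that window a given code still works only once.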

---

*Two-Factor Authentication is a type of Multi-Factor Authentication that only requires two factors.

**How they achieve this is way beyond the scope of this article.