...
First we should define "authentication". Authentication is simply the act of verifying that an identity is who they say they are. Commonly this is done using a password to authenticate a username, which theoretically only the owner of the username would know. However, this is a low level of assurance, meaning it is possible that another identity could also know that password and impersonate that user. Either the password was weak and simply guessed or brute-force attacked, or it was stolen via a keylogger or phishing email, or via a compromise of another authentication system where the password was reused. Whatever the reason, passwords are constantly being compromised, which leaves the systems they protect vulnerable to compromise.
The example above is an example of "single-factor" authentication. A "factor" is basically a type of authentication, commonly either a knowledge factor (something only the user knows), a possession factor (something only the user has), or an inherence factor (something the user is, usually biometrics or location based). Using "multi-factor" authentication, which requires two or more of the previously mentioned factors to be verified successfully, offers a much higher level of assurance. In the example above, an attacker must steal a password and also something the user physically has in their possession, or impersonate who they physically are, which is much less likely to occur. It also increases the accountability of the user and helps in auditing, as the likelihood someone was spoofing another account is almost nil.
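As an added illustration (not part of the original text), here is a login check that only succeeds when both a knowledge factor and a possession factor verify. The choice of a TOTP code (RFC 6238) as the possession factor, the user record, and all function names are assumptions made for this example.

```python
import hashlib, hmac, struct, time

STEP = 30  # TOTP time step in seconds (RFC 6238 default)

def hash_password(password: str, salt: bytes) -> bytes:
    # Knowledge factor: stored as a salted, slow hash, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    # Possession factor: RFC 6238 code derived from a secret held on the user's device.
    counter = struct.pack(">Q", int(max(now, 0) // STEP))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_knowledge(user: dict, password: str) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])

def verify_possession(user: dict, code: str, now: float, drift: int = 1) -> bool:
    # Accept the adjacent time steps to tolerate clock drift on the device.
    matches = [
        hmac.compare_digest(totp(user["totp_secret"], now + i * STEP).encode(), code.encode())
        for i in range(-drift, drift + 1)
    ]
    return any(matches)

def authenticate(user: dict, password: str, code: str, now: float = None) -> bool:
    now = time.time() if now is None else now
    # Evaluate both factors before deciding, so the caller cannot tell which one failed.
    knows = verify_knowledge(user, password)
    has = verify_possession(user, code, now)
    return knows and has

# Constructed sample user (hypothetical values, for illustration only).
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse", SALT),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
}

if __name__ == "__main__":
    current = totp(USER["totp_secret"], time.time())
    print("password + device code:", authenticate(USER, "correct horse", current))
    print("stolen password only:  ", authenticate(USER, "correct horse", "000000"))
```

A production verifier would also reject a code that has already been used within its validity window and rate-limit failed attempts.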
...