2-factor authentication

Two-factor authentication is an additional security step during administrator login that you can optionally require.

Administrators have access to potentially large amounts of data. To additionally secure login to their accounts, you may want to consider enabling 2-factor authentication (also known as 2FA).

You can enable this extra authentication step in "Admin home => Customise my organisation => Edit => Configuration => Admins require two factor authentication."

If you tick this option, admins will be sent a 2FA one-time code to their configured mobile number (by SMS) when logging in. If they do not have a mobile number configured, they will be prompted to provide one, and that number will be used on the next login.

They will not be asked to pass 2FA each time they log in, but rather once every "N" days, where N can be adjusted in the field below: "Max days between two factor authentications". This way you can freely control the security / convenience trade-off that is appropriate for your organisation.