Two-factor authentication (2FA) is a method of protecting an online account. The two factors—things that identify you—in 2FA: Something you yourself know, like a password; and something you have that can receive a token to confirm who you are, such as a smartphone.
Apple’s original two-step system relied on its Apple ID site for set up and management, and could only send codes to iOS devices and via SMS. Its update in September 2015 left two-step in place for those who continued to want to use it, but the 2FA revision was far better. Enrollment happens via iOS and macOS. Apple’s system isn’t as robust as some security experts would like, but it’s definitely better than a password-only option.