Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification. Common forms of multi-factor authentication are SMS and voice codes, authenticator applications, fingerprint or facial recognition, FIDO2 security keys, hardware and software tokens.
If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere (reason why password reuse is a major risk). With a single form of authentication, is it really the user signing in with the username and password, or is it an attacker? When you require a second form of authentication, security is increased as this additional factor isn’t something that’s easy for an attacker to obtain or duplicate.