Two-factor authentication (2FA) is the process of combining two separate forms of identification to uniquely identify an individual. It is often used as a second layer of security to protect login credentials for a website such as SSO.
The 2FA process is sometimes referred to as “something you have and something you know” because the two factors are usually something physical, like a debit card, and something memorized, like a passcode.
According to Wikipedia:
Two-factor authentication provides unambiguous identification of users by means of the combination of two different components. These components may be something that the user knows, something that the user possesses or something that is inseparable from the user. A good example from everyday life is the withdrawing of money from a cash machine. Only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, i.e. something that the user knows) allows the transaction to be carried out.
In the SSO two-factor authentication process, the something you know is your UIN and password. The something you have can be either a mobile phone, a pre-authorized passcode, or a landline phone.