The first factor of authentication will be something you know, such as a password or Pin or similar. The site can validate the hash (an encoded form of a password) with the hash in their database.

The second factor is a special key that is given to you. This can be sent by SMS, or shared with you when you set up 2FA and uses algorithms to change with time.

Other factors can also be used such as location, face recognition, fingerprint, a phone call with personal info quiz, etc.