There is no “one way” for two-factor authentication to work. It refers to an philosophy of authentication, in that you have to provide two “factors.”

Most authentication today is single factor, with that single factor being a password.

It was long known that a single factor is pretty insecure and two-factor authentication was conceived to be a more secure upgrade. With this you have to have two different kinds of “factors” from the following categories:

* Something you know (like a password or pin)
* Something you have (like a keycard, or fob)
* Something you are (a part of your body, like a fingerprint, or retina)

How it “works” then, depends on the specific factors you are using. A very common implementation is to have a smart card along with a pin. You present the card to the badge reader and it then prompts you for a PIN. You enter the PIN and the system validates that the PIN and card combination are valid.