...
The second factor can be something you have (using a physical security key, a code generator or a mobile phone). Combining two factors improves the security of the authentication, at the cost of reducing the convenience for the user signing in. To reduce inconvenience, it is common to allow users to "'remember" ' the verification of the second factor using a browser cookie token. This way, users are not forced to always use their second factor, while an attacker cannot get access by having access to the password alone.
...