A username and password are both examples of "things you know" which is only one factor. The factors are:
Knowledge (something the user knows)
Possession (something the user has; like a credit card or cell phone)
Inherence (something the user is, that is unique to the user; like a fingerprint)
Wikipedia
Multi-factor authentication (MFA; two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.
A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication.