Answer Description
While all answers are methods of authentication, a shared secret would not count in this instance. This is due to the fact that the knowledge portion of multifactor authentication is already covered by the use of a password and would not count towards being an MFA mechanism. MFA is requires at least two of the following: something you know, something you have or something you are.
Wikipedia
Multi-factor authentication (MFA encompassing Two-factor authentication or 2FA, along with similar terms) is an electronic authentication method in which a device user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is) MFA protects the user from an unknown person trying to access their data such as personal ID details or financial assets A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and constantly refreshing code to use for authentication
Multi-factor_authentication - Wikipedia, the free encyclopedia