Answer Description
The three types of authentication factors are something you know, something you have, and something you are. In this case 2 factors are used: 1. The user must know the username and password. 2. The user must have a valid client side certificate.
Wikipedia
Multi-factor authentication (MFA encompassing two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is) MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorised third party that may have been able to discover, for example, a single password A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication
Multi-factor_authentication - Wikipedia, the free encyclopedia