There are three ways to implement two factor authentication

1. SMS: SMS provides a OK method of security: You just enter the code via SMS. But there are security openings: First, your phone can be stolen and sometimes SMS does not arrive. The first problem happens in real life.

2. Google autenticator aka TOTP: Google Authentifcator can provide a very good method of security: You just enter the code from that app on your phone. Only catch is that these codes can be phished.

3. Security Key aka U2F: Security Key's can provide the easiest to use and most secure. You simply plug it into a USB port. The downsides are you have to buy it and not every website has support.