Authenticating in more than one way. Factors include password, token generators, biometrics, geolocation, etc. It's composed of more than one type of something you know, have, are, etc. A common example is the RSA SecurID Token. It generates a new 6 digit token every minute. So every time a user authenticates, the user enters the 6 digit code along with their 4-6 digit pin. In this case it's something you know (your pin) + something you have (the token).

This is "secure" because if you lose your token for example, the attacker would have to know your pin as well. Or, if your pin is stolen, but you computer requires a fingerprint scan as well.

"Two Factor" authentication is often summarised as "something you have and something you know" eg a card and a password