Two-step authentication requires that you enter some additional information after your password. In most implementations, a service will send you a text message when you try to log in. The message contains a code, which you then enter into the site. This improves security in an obvious way: attackers will need your phone as well as your password.
Gizmodo has an article about how to turn on two-step authentication for lots of sites including Apple, Google, Facebook, Twitter and more.