Google's spam guru, Matt Cutts, put it best: two-factor authentication is a simple feature that asks for more than just your password. It requires both "something you know" (like a password) and "something you have" (like your phone). After you enter your password, you'll get a second code sent to your phone, and only after you enter it will you get into your account. Think of it as entering a PIN number, then getting a retina scan, like you see in every spy movie ever made. It's a lot more secure than a password (which is very hackable), and keeps unwanted snoopers out of your online accounts.
Here is a list of websites and whether or not they support 2FA.