It's called Two-Step Verification simply because it verifies you twice before granting access to your account using two things: your password and something that is with you like your phone. You should enable this in all your online accounts that support it. Why? To protect yourself and your data from being accessed by unauthorized peeps even if they get a hold of your password.
Social engineering: phishing for your password
How do other people gain access to your account? They steal and then use your password. How? By social engineering. What's that? It's a broad list of mind tricks to get you to surrender your information. One rampant method is phishing.