This is called 2FA, 2 factor authentication. It vastly reduces the risk of being hacked as after the first login password is entered a second is entered from something you physically have either from a card reader device like the banks use or a code sent by sms or a phone app.
Businesses using VPN should also use this for users logging into the office via a firewall eg Fortigate else it is a really weak point unless you are monitoring attempted logins 24×7/
If a site offers it, you should find good reason NOT to use it. Google, Paypal, Youtube are some big names that do and here is a list: https://twofactorauth.org/