“Which method is ‘better’ depends on what other factors (no pun intended), in addition to security, you are considering, such as cost, convenience and complexity.

 

Two-factor authentication typically involves a password/username combo along with a unique device such as a security token or a unique code that is sent to a phone paired with the account. The former can provide relatively secure authentication (unless of course the token is in the laptop bag that was stolen and the password is taped onto the bottom of the laptop), however, both authentication methods can potentially be circumvented.

 

Multi-factor authentication is more complex, yet potentially more secure than two-factor, usually requiring additional verification such as biometrics to include voice, retina or fingerprint recognition, etc., which is harder for an attacker to bypass. Depending on the nature of the organization (i.e. maintains critical infrastructure), the risk could outweigh the cost and multi-factor authentication may be preferred.

 

It's important to remember though, that with any new solution that enters the security market, attackers are going to attempt to find the holes. There are also other challenges to consider with biometrics. For instance, biometrics cannot be re-credentialed. The database containing this highly sensitive information would be lucrative and high-profile target for attackers. Strong database security and data encryption would be of the utmost importance.”

 

Source: https://www.forbes.com/sites/quora/2017/12/04/is-multi-factor-authentication-the-best-cyber-security-method/#752d197b7c4e