SF ABC

Use Client Certificates as the Second Factor of Authentication for Salesforce 1 Users

We want to know how to configure users to use a trusted certificate as the second factor of authentication, while the SF user ID/password is the first factor. The client certificates are issued by a trusted CA and installed on the users' devices.

User login steps:
1. A user accesses login.salesforce.com via Salesforce 1.
2. The user enters the SF user ID and password.
3. If successful, a window pops up for the user to select a client certificate from the user's personal certificate store, or the step is skipped if there is only one certificate in the store.
4. The user selects the right certificate, or this step is skipped if step 3 was skipped.
5. SF authenticates if the certificate is linked to the user.
6. If successful, the user is logged in.
Nagendra (Salesforce Developers)
Hi HaChou,

Please find the information below:

Two Factor Authentication is a system wherein two different methods are used to authenticate. Using two factors, as opposed to one, delivers a higher level of authentication assurance.

The two components of Two Factor Authentication are:
  • Password you already know
  • Additional randomly generated password that refreshes
Traditional authentication schemes use username and password pairs to authenticate users. This provides minimal security, because many user passwords are very easy to guess. In Two Factor Authentication, the randomly generated password provides an additional security component.
 
In the most common implementations of Two Factor Authentication, the randomly generated component is provided by a small token card. The token card is a compact electronic device which displays a number on a small screen. By entering this number into the system when you attempt to authenticate (login), you prove that you are in possession of the card.
 
The number displayed by the card changes frequently, usually every 30 or 60 seconds. The system which you are authenticating to knows the number which should be on your screen. If the numbers match and your password is correct, you are authenticated.
 
To increase security, the electronic device is sometimes protected with a PIN. In these systems, you must enter the correct PIN before the correct numbers are displayed.
 
There are other mechanisms for providing the two factors, for example biometrics, which use something you are rather than something you have (e.g. fingerprint, iris recognition), SMS messaging to a user's mobile phone, and smart cards.
 
Two Factor Authentication Examples

At Salesforce we use Two Factor Authentication in conjunction with our VPN – the user must know both ‘factors’ to be successfully signed on to the VPN. 
Our VPN vendor (Cisco) is different from our Two Factor authentication vendor (RSA). 

We added Two Factor Authentication to our VPN sign in
AppExchange Partner Solutions: IT Management :: Security & Authentication 

Nordic Edge On-Demand Security App uses both SSO & two-factor authentication.

Other Sources:

The Tech-Faq: http://www.tech-faq.com/two-factor-authentication.shtml
 
Single Sign-On (Delegated Authentication)
 
Single Sign-On / Delegated Authentication avoids the need to manage as many identifiers as systems you connect to. It allows you to change your password in one place and have that password effective anywhere.
 
Using single sign-on, you could delegate the authentication to an external system.
 
For example, you could authenticate Salesforce user logins against your corporate mail server, meaning users use their email password to access Salesforce. Alternatively, you could authenticate Salesforce user logins against your corporate Windows server, meaning users use their Windows password to log into Salesforce.
 
Single Sign-On / Delegated Authentication means a customer can set up their Salesforce org to look to another system to authenticate their users. This other system may or may not use two-factor authentication. For example, LDAP and Active Directory are two common authentication solutions, and either one of them could be used by a customer for 'delegated' authentication into Salesforce, yet neither of them is two-factor.
 
On the other hand, a customer could choose to implement Two factor authentication and delegate their authentication to their RSA SecurID solution.  In this case, the end user would be at the standard Salesforce.com login page, they would enter their username, and then in the password field, enter their secret number followed by the number on their token.  Salesforce would then pass that to their RSA SecurID solution for validation, and if acceptable, allow the user access to their org.

Please let us know if this helps.

Best Regards,
Nagendra.P
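The answer above describes two things in prose: a token card whose number changes every 30 or 60 seconds and is checked by a server that "knows the number which should be on your screen", and the delegated-authentication convention where the password field carries the user's secret number followed by the token number. The block below is an added example, not code from Salesforce, RSA or this thread. It implements the server side of both with the open standards HOTP (RFC 4226) and TOTP (RFC 6238) rather than RSA SecurID's proprietary algorithm, which is an assumption made for the sake of a runnable illustration; the seed `DEMO_SECRET` is the RFC 6238 SHA-1 test-vector seed, and the `pin_store` dictionary and `verify_pin_plus_token` function are hypothetical names standing in for whatever directory the delegated endpoint would consult. Only the Python standard library is used.

```python
import hmac
import hashlib
import struct

# Constructed demo values. DEMO_SECRET is the RFC 6238 test seed, so the
# codes it produces can be checked against the published test vectors.
DEMO_SECRET = b"12345678901234567890"
STEP_SECONDS = 30   # the answer's "every 30 or 60 seconds"
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238: the counter is the number of whole time steps since the Unix epoch."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, submitted: str, at_time: int,
                window: int = 1, step: int = STEP_SECONDS) -> bool:
    """Server-side check: the code must match the current step or one step either side.

    The +/- window absorbs clock drift between the token and the server; widening it
    trades a little security for tolerance. Comparison is constant-time so the check
    does not leak how many leading digits were right.
    """
    if len(submitted) != DIGITS or not submitted.isdigit():
        return False
    counter = at_time // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta), submitted):
            return True
    return False


def verify_pin_plus_token(pin_store: dict, username: str,
                          password_field: str, at_time: int) -> bool:
    """The 'secret number followed by the number on the token' convention.

    pin_store (hypothetical) maps a username to its PIN and token seed. The last
    DIGITS characters of the password field are the token code; everything before
    them is the PIN. Both checks always run so timing does not reveal which failed.
    """
    record = pin_store.get(username)
    if record is None or len(password_field) <= DIGITS:
        return False
    pin, code = password_field[:-DIGITS], password_field[-DIGITS:]
    pin_ok = hmac.compare_digest(pin.encode(), record["pin"].encode())
    token_ok = verify_totp(record["secret"], code, at_time)
    return pin_ok and token_ok


# Constructed directory entry for the demonstration.
DEMO_PIN_STORE = {"alice": {"pin": "1234", "secret": DEMO_SECRET}}

if __name__ == "__main__":
    t = 59  # RFC 6238 test time; counter 1, code 287082
    print("token shows:", totp(DEMO_SECRET, t))
    print("accepted:", verify_pin_plus_token(DEMO_PIN_STORE, "alice", "1234" + totp(DEMO_SECRET, t), t))
```

A real delegated-authentication endpoint would receive the username and the composite password from Salesforce over TLS, run a check like `verify_pin_plus_token`, and return true or false; the token seed must be stored with the same care as a password hash, since anyone holding it can mint valid codes.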