Google and Facebook are offering two-factor authentication to help prevent your account from being hijacked. In both cases, you give them your phone number, then when you log in using your normal username and password, they send a code to your phone. You must enter the code as part of the login process. Gmail does this for every login, while for Facebook it’s only when you log in from a device that hasn’t already been verified.
Thanks to Josh for this topic.