...
After entering your hosting username and password, you will be prompted for a one-time passcode which will be sent to you by email.
Upon successful authentication, an HTTP cookie is stored on the client device for 60 days removing the need to interactively perform 2-step authentication on every login. The HTTP cookie is a valid second factor as it is something the person ‘has’ as opposed to something they ‘know’.
...