When you setup a wallet in Electrum, you get the options:
- Standard Wallet
- Wallet with Two-Factor Authentication
- Multi-Signature Wallet
- Import Bitcoin Addresses or Private Keys
The 2nd option "Wallet with Two-Factor Authentication" is the "2FA" wallet option. It is a special kind of "2-of-3" Multi-Signature (aka "MultiSig") wallet that utilises a "third party" service called TrustedCoin.
Being "2-of-3", means that any two out of the original 3 private keys are able to sign a transaction.
The seed creates 3 private keys... #1 is put into your wallet file... #2 is "protected" by the seed and is "hidden" (unless you disable 2FA functionality when restoring the wallet)... #3 is held by TrustedCoin.
The system uses Google Auth "One Time Passwords" (OTP)... so you can use any GAuth app like Google Authenticator, Authy, Authenticator Plus etc...
The idea is, when you want to spend from your wallet, you create the transaction and sign it with key #1... the system then sends the transaction to TrustedCoin... and after you put in the GAuth OTP code, TrustedCoin signs the transaction with key #3... and then gives the fully signed transaction back to you for broadcasting.
The system is "safe" in two ones... one, you get the benefits of 2FA, no-one can spend from your wallet without the seed or 2FA device... and two, it has the safety backup, in that if you lose your phone, or TrustedCoin goes out of business, you can simply restore the wallet with your seed, disable 2FA functionality during the restore and Electrum will put both key#1 AND key#2 into the wallet file, so you can sign transactions without needing TrustedCoin or your 2FA device. (Note: this is meant to be an "emergency recovery" tool, and the idea is you can just rescue your funds and send them to a new wallet.)
You can read more here:
https://api.trustedcoin.com/#/electrum-helpand here:
http://docs.electrum.org/en/latest/2fa.html
