It's a best practice for internet security to use something called Two Factor Authentication. One factor is your normal password to enter a site. The second factor is a code that only you should be able to see to enter on the website. The code can be sent to you a number of ways: text message, email, or on an app. The first two methods are less trustworthy since thieves are getting good at intercepting our emails and text messages for these numbers. Using an app is best. Some websites tell you to use Google Authenticator or other third-party (but trustworthy!) apps. Some tell you to use their own app. For example, my bank has an app that generates these random numbers that only I can see.