When 2FA is enabled, after entering the usual password, the user is prompted to provide a second form of verification. This could be a code sent via SMS, a prompt on an authenticator app, or a fingerprint scan. Only after successfully providing the second form of verification can the user gain access to the account.