It's simple to enable 2 factor authentication (2FA) for the entire organization or for an individual user.
2FA requires two forms of authentication to login. The first form of authentication is your email/password and the second form is an authentication token (a sequence of numbers) that is sent to you over email, SMS, or through an authenticator like Google Authenticator
To require 2FA for the entire organization, navigate to Settings -> 2-Factor Authentication. From within there, simply select to enable this for the entire organization. Generally, you should not require 2FA here if you are already using a Single Sign-On provider as they will often do 2FA as part of their login process.
As an individual user, you can also enable 2FA for yourself by going to your own profile. Simply click on your initials in the upper right and go to Profile. Once you click to enable, 2FA by email will be the default. You can also setup an authenticator app like Google Authenticator by selecting the link to setup one of these services.