Wordpress Strong Authentication lets you authenticate users with a second factor of possession. Only if the user is able to provide this second factor, he is allowed to login.
Such a second factor can be an OTP display card, an OTP hardware token, a Yubikey, a smartphone App like the Google Authenticator or access to an mobile phone to receive an SMS or access to an email account.
The use then needs to authenticate with his wordpress password and in addition with a code, generated by his device or sent via email or SMS.
All the devices are managed in the backend http://privacyidea.org, the Strong Authentication plugin forwards authentication requests to this backend, which you can easily run on the same machine or anywhere in your network.