After enabling Two-Factor any user that doesn't have it enabled will receive a notification in their dashboard suggesting they enable it. If they choose not to, simply clicking the X will disable it forever.
After enabling Two-Factor you'll need to enable the provider(s). You have the choice of TOTP, email and backup codes.
Once Two-Factor is enabled visit your Profile page to finish the configuration. On the Profile page select the provider(s) you would like to use. If you choose more than select one to be the primary provider.
If you using the TOTP provider You'll need to scan the QR code using your TOTP app and enter the secret code to authenticate it.
If you selected the backup code (highly recommended) you'll need to generate the verification codes, and save these somewhere safe. You won't have access to them here again.
After this is all set up, you'll be prompted to enter you authentication code after successfully entering your username and password to login.