Historically, when logging into the Elasticsearch Service user console, users were prompted to provide their username and password. A common security request is to have another authentication factor (a short-lived token, a mobile device) as another security layer, reducing chances of an unauthorized person getting access to the account.
Users can enable MFA and select to use either Google Authenticator or SMS to authenticate via a second device. This is available under a new Security page under the Account section in the user console. Once a device has been added users can enable MFA.
Note that 2FA and MFA described in this video are for the Elastic search Service Console, not self-managed individual Elastic Stack Environments.
You can watch this video also at the source.