2FA requires two authentication factors from different categories: knowledge (password), possession (phone/hardware key), or inherence (biometric). Any two from different categories.
Password + PIN = NOT 2FA (both are knowledge factors). Password + authenticator app = 2FA (knowledge + possession). MFA = two or more factors. Strong 2FA: FIDO2/WebAuthn hardware key (possession) + biometric (inherence). SMS is weak 2FA (SIM swapping). Better than nothing, but upgrade when possible.