Every application that requires to identify its users needs a security mechanism to keep track of logins and perform access control. The world of web is not safe and it is a necessity to have an authentication mechanism for every application that you might want to build/use.
There are mainly three kinds of authentication.
- Knowledge based : something you know. Eg:- password, the TAN send to you via phone, passphrase, etc .
- Ownership based : something you have. Eg:- smart cards, yubikeys, certificates.
- Biometric : something you are. Eg:- fingerprint, iris
In a system that requires a strong security is highly recommended that you implement atleast two means of the above categories. It is generally called multi-factor authentication. On the other hand, there are 2-step verification / similar approaches that have two authentication mechanisms, but both falling in the same category. The google 2-step verification is an example for this.
Web applications makes use of various authentication protocols mainly basic access authentication, digest access authentication, form based authentication and OAuth. You can read in detail about the protocols in here.