Lifehacker has a great summary explaining the difference between Two-Factor and Two-Step Authentication.  Ultimately, the distinction is somewhat academic, but I think the key point is that the type of multi-factor authentication is less important than enabling the multi-factor authentication in the first place.  It is still important to understand the difference between the two (and the potential risks), but do yourself a favor and enable multi-factor authentication wherever you can.