With a long post on the official Steam blog, Valve has announced that around 77,000 accounts are hijacked and pillaged each month, a reason that pushes the company to alert the players to take precautionary measures to safeguard their accounts. Among the recommended security measures, there is, for example, the Steam Guard Mobile Authenticator (two-factor authentication), and, as Valve explained, it works this way:
"Two-factor authorization is the use of a separate device to confirm your identity. The security of this system is based on moving that step from your PC to a device a hacker can't access, such as your smartphone. PCs can be easily compromised, therefore a PC-based authenticator would not provide better security than a password or email authentication.
We needed to create our own two-factor authenticator because we need to show users the contents of the trade on a separate device and have them confirm it there. Requiring users to take a code from a generic authenticator and enter it into a hijacked PC to confirm a trade meant that hackers could trick them into trading away items they didn't intend to. This basically made it impossible to use a generic third party authenticator, such as Google Authenticator, to confirm trades."
For more and accurate details, you can read the blog post.