There are all sorts of hardware tokens supporting various methods of authentication. For example, the YubiKey, is a small USB device that supports one-time passwords (OTP), public key encryption / authentication, and the Universal 2nd Factor protocol (U2F) developed by the FIDO Alliance. (Many companies including Microsoft, Google, Dropbox and PayPal currently support FIDO authentication).
Using a YubiKey is relatively easy. When you want to log into an online service, such as Gmail, or WordPress, you insert the YubiKey into the USB port of your device, enter your password, click in the YubiKey field and touch the YubiKey button. The YubiKey generates an OTP and enters it in the field.
(The OTP is a 44-character, single-use password; the first 12 characters are a unique ID that identifies the security key registered with the account. The remaining 32 characters contain information that is encrypted using a key only shared between the device and Yubico's servers, which was generated during the initial account registration).
The OTP is sent from the online service to Yubico for authentication checking. Once the OTP is validated, the Yubico authentication server sends back a message confirming this is the right token for you - the 2FA is complete.