For authentication, Fidelity uses either a physical token provided by Fidelity
or the Symantec VIP Access smartphone app.
Fidelity only offers 2FA on certain account types. For example, they do not support it for institutional retirement accounts of the kind that might be set up through an employer.
It appears there is no information about this service provided online and it must be enabled and managed by phone.
As of October 2016, Fidelity also offers two-factor authorization, whereby customers may receive an authorization code before performing certain actions. According to Fidelity's documentation:
You will get a security code to verify your identity when you perform highly sensitive transactions such as setting up new bankwire instructions or changing our contact information.