Two-step verification (also known as two-factor authentication or 2FA) provides a second layer of security to your email address. In addition to requiring something you know (your password), it also requires something you have (generally, your phone or a hardware token). Requiring a second element, often called a token, helps protect you from a number of common methods of gaining your password, like keystroke logger on public terminals, gaining access to your network connection, or even just looking over your shoulder when you type your password in. Unless the attacker also has access to your (constantly changing) second token, your password alone cannot be used to log in to your Pobox account and change your settings.
We have detailed instructions for setting up two-step verification on this page.
If you have enabled two step verification and use an email client like Outlook or Mac Mail, or your email client sends mail through smtp.pobox.com, you need to set up an app-specific password in order to send or receive email. (Email clients cannot use 2FA -- this is for accessing Pobox on the web only.)
To add an app-specific password, click on "Profile & Security" on the right side of your Pobox home screen. On the next screen, click Edit next to "No App-specific Passwords".
You'll then be prompted to authenticate yourself by entering your password. After authenticating, click Set Up Now.
On the following screen, select the password type and add a description before clicking Generate Password.
Copy and paste the automatically generated password into your mail client's password section. Your mail client will save the app password, so you don't need to write it down or save it.
As a note, app-specific passwords cannot be the same as your main account password.