User verification serves to ensure that the person using the FIDO2 security key is in fact who they say they are. In other words, User verification ensures that the person is the true owner of the device. In comparison to user authentication that is carried out remotely by an MFA server or service, user verification is carried out locally by the security device itself and/or by a local client application. 

User verification can take various forms, such as password, PIN, fingerprint etc. 

There are 3 options for user verification

Not Required

This value indicates that user verification is not required or is discouraged when initiating registration or authentication. 
PreferredThis value indicates that the service prefers user verification for the operation if possible, but will not fail if user verification is not enabled. 
RequiredThis value indicates that the service requires user verification for the operation and will fail the operation if user verification is not enabled or was not carried out successfully