Following the advice I’ve laid out here, you’ll eventually have a long, long list of applications/devices you’ve registered as being able to access your account.
You’ll need to check and manage that list.

Recognised Devices:

Well, we find ourselves in the Security Settings page, under Account Settings again. Here there is an option Recognised Devices.
Selecting this gives you a complete list of the devices you have authorised via the two factor authentication system, Login Approvals.

You should read, check and understand each and every one of the listed devices. Anything you are unsure of, delete it.
Devices here is an odd term. You’ll actually find multiple browsers on the same device listed as they appear to be wholly distinct from Facebook‘s point of views. Also, if a device you have previously authorised is updated (application updates, operating system updates etc.) it can be that the new version is too different and Facebook will again insist you authorise the device. Thus the same device could be listed several times.
You should be notified of all unregistered devices accessing your account but this allow you to take control.
Of course, as ever, if you see anything really suspicious change your password immediately. Consider reporting it to Facebook if it looks like a serious breach.
Apologies to any reader from the US for the misspelling of “recognize” throughout. Facebook are inconsistent in how they spell the word for UK users too.