Passwords are not enough to protect your data. That much should be clear after spending any amount of time on the internet. There are constant hacks and leaks of user data, which sometimes lead to cracked passwords floating around in the darker corners of the internet. Two-factor authentication (2FA) can protect your accounts, but not all services make it easy. Until recently, Twitter's 2FA was a pain in the butt, but it added support for authenticator apps a few months ago and didn't tell anyone.
Before the silent addition of third-party app support, you could only generate one-time login codes using the Twitter app's built-in tool or via SMS. That's far form ideal if you already use a 2FA manager like Google Authenticator or Authy. These apps work now, but the option is very out of the way. It's the sort of thing that's hard to find when Twitter doesn't bother to announce it (a Twitter dev told us this feature went live late last year or early this year).
To set up a 2FA app, you first have to enable 2FA with your phone number. Then, head into the web interface settings under Settings > Account. Click the button labeled "Setup a code generator app." Scan the QR code with your app, enter the code it generates, and you're all set. However, you are required to keep a phone number tied to your account. Bizarrely, removing the phone number disables 2FA. I would go so far as to call this dumb, but at least you have more options for getting 2FA codes now.