It doesn't work. The problem we have is that passwords can be phished, the solution to that is not to add a second phishable password called a "token". Is it better than nothing? Eh, in the unlikely event that you're a password re-user but not vulnerable to phishing, I guess?
Because even if you make it clear it doesn't solve any problem, people use it as an excuse to not deploy a real solution, like U2F, e.g. "we already support SMS 2FA, we don't think deploying U2F is necessary".
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.