So, I use two factor authentication for a variety of services. It’s great for security.
It’s also a royal pain in the ass to be (re)inputting secondary authentication information all the time. That basic ‘pain point’ is sufficient to dissuade most people from setting it up. I support Twitter adopting this, and for some people it’ll be awesome. For most people it’ll just be a pain in the ass.