Excerpt from this article:
One possibility is that they are passwords, tweeted out as whoever is behind the account gets used to the new security procedures governing it. There are a lot of theories out there on how it might have happened. By far the most likely is that of the Guardian’s Alex Hern, who identified one possible way that could happen, if the @PressSec account has two-factor authentication activated.
Two-factor authentication provides an extra layer of security for password-protected accounts, and it would be good for the official account of the press secretary for the White House to have it. In fact, it would be good for anyone with a Twitter account to have it. According to a brand-new Pew report on cybersecurity, about 52 percent of Americans have used two-factor at some point to manage an account.
In case you are one of the 48 percent of Americans who haven’t used it, here’s how it works: In addition to entering in a password, two-factor requires users to enter in a randomly generated code that changes with each login, usually sent to your phone through either an app or a text message. For Twitter, those codes are sent via text by default, from a number that should look familiar to any longtime Twitter users: 40404.