Two-factor authentication is handled using an app such as Google Authenticator (similar to how Google’s two-factor authentication works) but an additional feature is app specific passwords. From App.net:
The second feature — application-specific passwords — is just as important and helps keep your account’s main password safe. When a native app requests that you log in, instead of using your account’s main password, you can generate a special one-time use password. This can be used by itself or in conjunction with two-factor authentication.
This adds another level of security since the password you’d generate for authenticating an app can only be used once and can’t authenticate or change the access rights again. Whilst this may not be particularly useful for authenticating a client such as Netbot, it would be for using a service designed to tap into App.net’s API web app that is designed to post on your behalf such as IFTTT.