If you have two-step authentication enabled on a WordPress.com account, you do not need a separate password to log in to the app.
After you enter your WordPress.com username and password, the app will prompt you for your 2-step verification code. You can use the code from your authenticator app, an SMS code, or a backup code to log in.
If you use an app that adds 2-step authentication to your self-hosted WordPress, you will need an application-specific password to log in to the app. Please check your plugin settings or contact the plugin author to create an application-specific password for the app.