From the help text on PyPI about API tokens:
"We strongly recommend you authenticate with an API token where possible."
Why is that? What are the issues with using my login/password if I am the only person working on a Python package?
Solution
If you re-use your password elsewhere (you shouldn't, but people do), then if PyPI is compromised, your other accounts could get compromised.
Using your username and password gives permissions to all of your projects, but tokens can be limited to a single project.
You can use multiple tokens across multiple machines, so if one token becomes compromised, you can revoke it without affecting other machines or projects.
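An added example, not part of the original answer or of PyPI's tooling: a small audit of a `.pypirc` file that flags entries holding an account password instead of an API token, and entries that share one token. It assumes PyPI's token convention (username `__token__`, token value starting with `pypi-`), so it is only meaningful for PyPI entries; the function name and the sample file contents are constructed for illustration.

```python
import configparser

# Constructed sample ~/.pypirc contents; every credential is a made-up placeholder.
SAMPLE_PYPIRC = """
[distutils]
index-servers =
    pypi
    project-a
    legacy

[pypi]
username = __token__
password = pypi-EXAMPLE-TOKEN-ONE

[project-a]
repository = https://upload.pypi.org/legacy/
username = __token__
password = pypi-EXAMPLE-TOKEN-ONE

[legacy]
repository = https://upload.pypi.org/legacy/
username = alice
password = hunter2
"""


def audit_pypirc(text):
    """Return (section, finding) pairs, in file order, for risky entries."""
    # RawConfigParser does no '%' interpolation, so secrets containing '%' parse.
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    findings = []
    seen = {}  # token value -> first section that used it
    for section in parser.sections():
        if section == "distutils":
            continue  # holds only the list of index servers
        user = parser.get(section, "username", fallback="")
        secret = parser.get(section, "password", fallback="")
        if not secret:
            continue  # nothing stored on disk for this entry
        if user != "__token__" or not secret.startswith("pypi-"):
            findings.append((section, "account password stored; use an API token"))
        elif secret in seen:
            # A shared token cannot be revoked for one entry without the other.
            findings.append((section, f"token also used by [{seen[secret]}]"))
        else:
            seen[secret] = section
    return findings
```

To check a real file, pass its contents, for example `audit_pypirc(open(os.path.expanduser("~/.pypirc")).read())` after `import os`.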