FTD-based firewalls are all managed via FirePOWER Management Center (FMC). FMC can use LDAP or RADIUS servers but not TACACS.
The 4100 series additionally runs FX-OS for the local logins to the cli and to FirePOWER Chassis Manager (FCM).
FCM can use TACACS: http://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos201/web-config/b_GUI_ConfigGuide_FXOS_201/platform_settings.html#topic_235A8EDB92A9497188AC71BC134B5A54
Two factor authentication is not natively supported in either FMC or FCM but you can use it with your backend RADIUS server and thus get it indirectly.