1. Yes, you'll have to always use the bookmark. The Login Dongle plugin causes the standard Log In button to not work. It also makes it impossible to automatically check your login data. Brute force attackers, when trying to get access to your blog, not only use programs to try many different combinations, but they also do it without ever filling the login page...
2. Each of your contributors can access your blog as they were used to, without the need for a bookmark. That is actually a good thing, because the most attacked account is usually the "admin". However, each of them can have their own different bookmark, and also completely different from yours. They can configure their login dongle by themselves or you can do it on their behalf as the admin. Each user's profile is where the login dongle is configured, saved, and drag-and-dropped to the bookmarks bar and / or sent to their email.
Remember two things: (a) the plugin works ONLY for users whose challenge is set to something not empty, otherwise the standard Log In button will work as usual for them. (b) If you configure your other contributors' login dongles, then they must create their bookmark using the code they received in the email, BUT if they configure their login dongles themselves then they can drag-and-drop the bookmarks.
(I think they were 2, really ;-)