Google Authenticator for your WordPress blog.
Really easy to handle, but it would be nice to have a mechanism to only allow logins if they use 2nd factor!
Works as advertised, no issues.
The only drawback is that - despite the tooltip - users are confused about the new field on the log-in screen. It doesn't even help to inform them in their sign-up emails (because after some weeks they forgot, or they use one login for a company, or they don't read the small print ...)
A great enhancement would therefore be to have the field by default hidden (reveal with checkbox) or to make it (like Google, Dropbox etc.) in two steps: only users who have GA enabled see the field for the code in the next step.
Just giving 4 stars, because of:
* undocumented feature "use app password" - what does it do??
* I'd prefer a 2nd login page for the time based password, so unauthenticaed users dont see you're using this plugin.
Otherwise it is an excellent plugin which greatly enhances your security. Very much recommended!