Protect your dashboard without editing the .htaccess file -- the FIRST one that completely blocks remote bot login requests.
Game changer....really? I liked the old masked URL's better, that was a game changer.
This passcode/pincode thing is definitely NOT a game changer. I use Google Authenticator and Login Lockdown to take care of this. Google Authenticator will at least change the pincode every 30 seconds. This plugin has now become more noise in the WordPress Repository.
Please bring back the masked .wp-login.php feature.
Good idea but causes some plugins to break.