This plugin adds an additional layer of security on to the attack vector that is the standard login form.
To be clear from the outset, your password should already be extremely strong, and unique from your accounts elsewhere online.
As it works on security-via-obscurity, it certainly should not be relied upon in lieu of existing or other security measures (like a strong password), but it works in tandem with them.
A great way of effectively changing the login form URL. The URL is bookmarkable, so active users can still get to the new login URL without having to remember the question and answer values. Password managers, including ones like KeePass that have an autotype, still work with the login form.
For the technically minded, the question and answer values are sent via a GET request, so they would appear in server logs and be sniffable over wifi for non-SSL sites. However, that means it's just one more step for someone to tackle before they can try attacking the login form - and if they have access to your server logs or they are a man-in-the-middle on your wifi, you already have bigger problems.
Tested on WP 3.6-beta1.