What a great little plugin, thanks!
I would love a feature that would allow me to require LaunchKey usage based on user role. For example, I'd like to force site admins to set up a LaunchKey then, once that's done, no longer allow password access to the site for that user level. I'd like to be able to specify that for others as well.
In case a phone were to be lost, we would need to set up email confirmation to lock out the phone until a new link could be established. As for worries about "what happens if I am the only admin and I lose my phone" the solution there is simple: disable the plugin by renaming its folder via FTP; problem solved. You'd just need to error trap the fact the plugin had been turned off and on again then reconfirm the account.
Anyhow, TL;DR... any way I can remove classic typed password authentication altogether for editors an up is welcome. It would eliminate the most common attack vector for bots.