This plugin is very easy to set up, costs nothing, and provides two-factor authentication which does not require a mobile phone.
My reasons for using this plugin:
- Simpler and more secure than Authy. I had been using the Authy plugin for two-step authentication. Authy sends a text message containing a password to an SMS-enabled device, e.g., a mobile phone. However, sometimes the text messages fail to arrive promptly (probably delayed by the mobile phone service provider). Authy does not offer any alternative method for login. Authy requires the plugin user to verify identity by charging half-a-dollar to the plugin user's credit card. Not much money, but: Is it really prudent to give access to one's credit card account, and hope that the company keeps the information secure?
- An international solution. Among affluent classes, in affluent countries, smartphones, and reliable feature phones may be common, but there are many persons for whom a mobile telephone is a burdensome expense, and many parts of the world where reliable service does not exist. My WordPress website has users on every continent -- it would be unrealistic to presume that every user would have access to reliable mobile SMS service. This solution is low-tech and foolproof.