I'm increasingly impressed with the philosophy of use of Rublon; to me it's really two-factor authentication (TFA) for the rest of us (pardon the riff off Apple's original claim of surprisingly effective simplicity). I love it and hope it attracts a lot of users because it's truly PERFECT for us security-minded site administrators in providing login security without too much hassle for the user.
Now, if you'll allow me, I have a suggestion. The WordPress system permits granting plugins per-user right to use, depending on that user's role / capabilities. So, why not add something so that the top-level user, the administrator, can select which roles (categories of users) may use Rublon, or indeed must use Rublon? It makes sense to mandate use of Rublon's TFA for higher-level users.
So, the suggestion is to add an option in the control panel for (only) the site administrator to select (via checkboxes) which roles must use Rublon, and which ones may use it. I believe that especially the possibility of making use of Rublon mandatory for certain level of users (e.g. editors, authors) is very useful, in a multi-user (cooperative) type blog.