Before the last update, the login url was completely masked. It kept most login attempts by botnets outside. Which was really good. Now, you are required to fill in a passcode (like Google Authenticator, only the code stays the same for ever, until you change it).
Would be awesome if I as the admin could use both the masked url as well as the passcode. I know, this only provides basic security, but hey.. it worked before. Now most botnets will try anyways, which I don't want them to.