Took me a moment to realize this was another two factor provider similar to Google Authenticator but only commercial in nature: https://www.authy.com/pricing
They have a free level for 500 authentications a month which might work for a single user but I could see that used up with a few active contributors posting often.
We currently use a WordPress plugin [0] that makes it save passwords using bcrypt. It looks like there's plans to make this the default in a future version of WordPress [1].
The most common way a WordPress site gets hacked seems to be through security vulnerabilities present in the WordPress code or some of the installed plugins. I assume this in no way provides protection from them.
> I assume this in no way provides protection from them.
No it does not appear so.
But recently we've seen a huge uptick of brute force password attacks against our WP installs. These are trying common username and password combinations. To combat these attacks we've started deploying a brute force detection and blocking plugin across our entire platform. But we've also looked at adding two factor authentication as well.
They have a free level for 500 authentications a month which might work for a single user but I could see that used up with a few active contributors posting often.
There is already a nice Wordpress plugin that adds Google Authenticator: http://henrik.schack.dk/google-authenticator-for-wordpress/