Really lightweight plugin, it seemed safe to implement and worked for day until admins reported issues. However, my case seems to be a conflict with Toolset Access and I am now having an impossible time trying to remove from my site. Even though I have deactivated, the combination of both these plugins seems to have corrupted the user access table. When an admin accesses the login page, we get a message "You don’t have permission to access this page." Sometimes, changing browsers/VPNs fixes it temporarily. There is no way to remove the plugin settings with uninstall.
This plugin is great for increasing login security by enabling Yubikey 2-Factor Authentication (FIDO U2F), or Time-based One Time Passwords (TOTP). It's very impressive; as if the Wordpress devs themselves integrated it. It even lets you create application-specific passwords (so you can log in with a password on the Wordpress app).