after I enabled ga login on my site and after some weeks of use, I have found that the explanation is insufficient.
- Even if it says GA Login it seems not clear enough to some users, that they would have to use the code created by the Google Authentificator for login. I would suggest to change the simple "Code" in the login page to "Google Authenticator Code" or something similar.
- on the page where you create the code it only says "Everytime you submit this form a new key will be generated!". I think also some explanation should be included. Linking to this page http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447 is a good start.
- Not everybody has an Android, iPhone or Blackberry. I think also linking to this Java Desktop application would be nice: http://blog.jcuff.net/2011/09/beautiful-two-factor-desktop-client.html
- The test login is nice but does it really needed to have a menu navigation link? I think providing a simple link in the user panel would be better. I think best would be to redirect to the test login page, after a secret was setup and approved by the user. One line of code setting in the $form the redirect.
I hope you understand my request. But the last week I really received many mails asking to reset the Login code because the users are playing around without knowing what they are doing.