This plugin increases security of your admin panel by forcing all admins to confirm login via an email sent to the email address assigned to their admin user.
This not only means that a bad actor would need the full login and access to the admins email account in order to login, but also as an admin you can see who has authorized into the admin panel and when using what user account and from what IP.
The process is simple:
Admin attempts to login
Admins IP and Hostname are checked against authorized access list for that user
If user is not authorized they are directed to a "unknown IP address" banner, instructing them that they must click the authorize link in their email to proceed.
User clicks link in their email and are instructed that access is now granted for their IP and they must login again to continue.
User has 30 days access on the specific IP, at the end of which the process is forced again. If their IP changes the process starts anew.