Was great against botnet login attempts, now they have returned

Before the last update, the login url was completely masked. It kept most login attempts by botnets outside. Which was really good. Now, you are required to fill in a passcode (like Google Authenticator, only the code stays the same for ever, until you change it).

Would be awesome if I as the admin could use both the masked url as well as the passcode. I know, this only provides basic security, but hey.. it worked before. Now most botnets will try anyways, which I don’t want them to.