Hate to be one of these guys, but the site is totally unreadable on Android Chrome. The left bar covers everything and won't move. Maybe offer a close or collapse button for it?
We use MePIN in our service and I have to say that it's working really great. Easier for the user and also more secure than Google Authenticator (for which secret key can be stolen more easily).
From your home website, it looks like you are relying on users deciding if they should authorize a request based on OS, web browser, ip address, and location.<p>Users are going to essentially ignore ip address. OS, web browser, and location are easy to spoof. If a half competent attacker makes a request, how is the user to know if they should authorize a request.<p>I understand that using OTP codes can be annoying to some users, but it is MUCH harder for a user to hand that code over to someone in order to login.
While two-factor authentication is a good thing from a security standpoint from service providers, I can't help but worry that it's a worry from an individual's standpoint: It's nothing but serving an IP address+account <-> mobile phone number relationship on a silver tablet. Do we really want that?
What's with those url changes? After a while about a dozen url anchors is cycled through which effectively kills the "back" functionality. If you go past them, you can't stay on the "main" page because another ones are added.