From the drupal security mailing list (http://groups.drupal.org/node/293943#comment-914498): "If you have good passwords on the accounts you value, you might actually better off with the brute-force than with login_security and the multi-factor authentication modules.
"Module provides Drupal installation with various security hardening options. This lets your mitigate the risks of exploitation of different web application vulnerabilities."