While it's called Google Authenticator it has no tie-in to Google's services. It's a open algorithm that generates a 6 digit code based on a shared secret and the time. Clients are available for all the major smartphone platforms. The Wordpress plugin adds a third box to the login page and validates the 6 digit number is correct as well as your username and password, such that just knowing a valid username and password for an account with Google Authenticator enabled isn't sufficient to get access to Wordpress.

There's been lots of discussion on OATH HOTP (of which Google Authenticator is an implementation) on the excellent Security Now podcast. Well worth a listen if you're interested in these things. Because it's an open standard it's beginning to be adopted for other services too (Dropbox, Amazon, Facebook, LastPass, Evernote to name a few).

Fail2Ban has been invaluable today. My VPS ended up blocking over 600 separate hosts all trying to log in to one of our installs in the space of an hour!

Alex