NinjaWPass is a free WordPress plugin written to protect your blog administration console. It makes it basically impossible for a hacker who stole your password to log in to your console.
The way it works is simple but very efficient and it is being used by some large banking corporations in order to protect their customers online accounts

All you need to do is to define a second password (AKA the NinjaWPass password) from 10 to 30 characters.
At the WordPress login prompt, besides your current password, you will be asked to enter 3 randomly chosen characters from your NinjaWPass password. Whether your computer is infected by a keylogger or someone is spying over your shoulder, this protection will keep them away.

Additionally, the plugin offers the possibility to receive an alert by email whenever someone logs into your WordPress admin interface.

Installation :

NinjaWPass can be installed just like any other WP plugins.

1) Download the plugin to your local computer
2) Log into your WordPress admin console and click on the 'Plugins' menu, then 'Add New' submenu and select 'Upload'.
3) Upload the zip files; the plugin will be automatically installed.
4) Click on the 'Plugins' menu again, then 'Installed Plugins' submenu and activate NinjaWPass.
5) Click on its 'Settings' link and setup your new password.

Afterward, simply log out of WordPress and you will see NinjaWPass nicely integrated into the login form.

 Download  NinjaWPass