We won't be implementing a fixed-field for "Secret Key" any time soon. We've heard overwhelmingly from our users that the standard Joomla login module which has a 'secret key' field is very confusing to the vast majority of users that don't have it enabled. We agree with that.
Again, we fully support the two-factor authentication key with the SCLogin module. We think that we do it in such a way that isn't confusing to the user as almost all two factor authentication implementations on websites use the same flow as the SCLogin module:
* Enter username/password -> Submit
* Get a prompt for the Secret key
Examples are: Cloudflare, Google (Gmail, docs, everything), PayPal, Facebook and slews of others
I can't think of any sites, outside of Joomla, that show all 3 fields by default as it's simply confusing.
If you really are a proponent of users using two factor authentication on your site, then you should be promoting it as a feature somewhere. The user can choose (or be forced) to enable it, but I don't think the login area is the right way to promote such a feature as it, more than likely, will confuse and scare away prospective users who have no clue what a "secret key" is.
I hope that helps explain our position. Any feedback is more than welcome, of course.
Thanks,
Alex