13 Comments

  1. Joe

    Sad. The plugin called “Two Factor Authentication” works very well for us, and is one of the most popular (excluding Clef of course!):

    https://wordpress.org/plugins/two-factor-authentication/

    Report

  2. helenlion

    Unloq is the multifactor authentication solution that I’m using for my websites. it works on all platforms, and they also have a WP plugin: https://wordpress.org/plugins/unloq/. it’s super easy to use, and they have a great support team. If your site has under 100 users, it’s free.

    Report

  3. Eric Mann

    One of the best features of Clef was its out-of-band authentication. The Clef servers played a big role in helping to authenticate users (explicitly using the cryptographic features of users’ mobile devices do to so). As great as the 2FA plugins recommended in the migration guide are, this is a feature they all lack.

    Instead, I urge those looking for a replacement to take a long look at either Tozny or LaunchKey. (Full disclosure: I work for Tozny.) Both services support two-factor authentication by way of out-of-band verification using strong cryptography on users’ mobile devices. In other words, they’re more solid replacements for Clef than merely depending on tools like Google Authenticator (which is also a solid tool, but an entirely different use case).

    Both services offer WordPress plugins that make integrating with the CMS super easy. They both also offer developer APIs that allow you to take authentication to the next level by adding even further security to your site. SMS-based one-time passwords, email-based magic links, etc.

    I’m fairly confident the teams at either service would be more than willing to help you make a migration well before the June 6th cutoff date for Clef.

    Report

  4. Kevin H. Stecyk

    Although not a Clef user, I highly recommend Wordfence Premium. Instead of Google Authenticator, which works fine, I use Microsoft Authenticator.

    With Wordfence Premium, we get two-factor authentication and best security available.

    Report

  5. Tony Zeoli

    I was a recent adopter of Clef. I found it to be a very smart system for two-factor authentication. Ease of use was key, including adding additional URLs (like a staging URL) quickly, so it would work regardless of the environment you were logged into. I added it to a couple of client sites and they were wowed by the experience of not having to type a pass code and beat the 20 or 30 seconds you had to type it correctly. Some people might say that’s easy enough to do, but if you’re multitasking and someone calls you on the phone exactly when you’re trying to type the numbers on the screen into the text field, the phone takes over and you either have to hang up on the person or answer and then toggle back to your two-factor authenticator app to grab the number before it expires and you have to type a new one all over again.

    Report

  6. Jeffrey

    I am not using their service, but I can feel the frustration of the users. I guess the competition is too cruel.

    Report

  7. Marvin

    I was just about to try clef because of the positive reviews…but after reading this, maybe not anymore :(

    Report

  8. Doug Smith

    It’s not ready for primetime yet, but I’m looking toward Sqrl for the near future.

    It’s totally open protocol that can be implemented with open source libraries, well documented, has an open-source reference implementation, uses well-known and tested crypto vetted by security experts, stores no secrets on the server that can be compromised, can work alongside existing login systems, and is the only password replacement system I know of that does not rely on a 3rd party.

    The protocol was recently finalized so I’m hoping it will get some action in the WordPress community before too long.

    Report

  9. modemlooper

    This seems like something that could be offered with the WP mobile app. Get a push notice for a TOTP.

    Report

  10. stephan hokanson

    Sigh.

    I *love* Clef.

    I use Dashlane to manage passwords, but Clef’s 2-factor implementation was so elegant, so magical, that I always turn off passwords for the WP sites that I administer and use Clef instead.

    I’d like thank the Clef team for the brilliant idea and flawless execution. I wish that it had translated into market success.

    I hope in some way, shape, or form that Clef can be resurrected.

    Report

  11. Mustaasam Saleem

    Clef was a very secure and safe. Disappointed with the decision, let’s see what the owner have in mind.

    Report

  12. Joe

    Some news from us at UpdraftPlus – we’re gearing up to replace the Clef plugin based on exactly the same idea:

    https://updraftplus.com/clef-user-updraftplus-now-gearing-replace/

    UpdraftPlus is one of only six commercial plugin companies in the world (including Automattic, Yoast and until recently Clef) that maintains a plugin with more than 1 million installs.

    We’re calling it “Keyy” and hope to launch in April. The plugin is already finished – just finishing the apps.

    Report

Comments are closed.

%d bloggers like this: