Clef is Shutting Down June 6th

Clef, a two-factor authentication service founded in 2013 has announced that it is discontinuing its product. Clef is most well known for removing the burden of remembering usernames and passwords by replacing them with a 300 character key using mobile cryptography.

The service’s WordPress plugin is active on more than 1M sites and has been removed from the directory. Clef will continue operating until June 6th, 2017. After June 6th, the mobile app will stop functioning and be removed from the Google Play and Apple App stores.

Users are highly encouraged to transition to a different two-factor authentication provider as soon as possible. Clef has published a transition guide to help users switch to Two-Factor, Authy, or Google Authenticator.

The announcement offers few details as to why the service is shutting down. Brennen Byrne, Clef’s CEO, says the team is joining another company and that more details will be published soon.

Users and customers reacted to the news by expressing disappointment and sadness in the comments, “I am very very sad for that,” Furio Detti said. “And I must admit a bit disappointed — Clef was clever, clean, quick.”

“I need no more and no other. I’d like to know if the shutdown could be a sign of bad luck in business or a changing of strategy to improve the product. I tried many systems, but CLEF was the very best, the others, almost annoying crap.”

Others questioned how the company reached the point of shutting down, “Has something gone wrong or incredibly right?,” John Walker asked. “How can something so useful and reassuring be canned?”

“WordPress installer states over 1 million active users. That’s a lot of websites to just drop without tangible explanation.”

The decision to sunset the product was not an easy one, “We’ve considered a lot of options for how we can satisfy our responsibility to the folks who have used our product for a long time, but ultimately we felt like this was the only responsible option we could take,” Byrne said.

The service offered commercial business plans, including a $1,000 a month plan but couldn’t find a business model that worked, “We’ve been so happy to build a product that people loved and which had widespread adoption in the WordPress community, but we haven’t been able to find a business model which made the company sustainable,” he said.

It’s evident by the comments that Clef offered something unique. Whether it was the user experienceease of use, or working like magic, the service has a devoted fanbase that love the product.

Please spread the word that Clef is shutting down as potentially thousands of users may not discover it until their keycodes stop working on June 6th.

13 Comments


  1. Unloq is the multifactor authentication solution that I’m using for my websites. it works on all platforms, and they also have a WP plugin: https://wordpress.org/plugins/unloq/. it’s super easy to use, and they have a great support team. If your site has under 100 users, it’s free.

    Report


  2. One of the best features of Clef was its out-of-band authentication. The Clef servers played a big role in helping to authenticate users (explicitly using the cryptographic features of users’ mobile devices do to so). As great as the 2FA plugins recommended in the migration guide are, this is a feature they all lack.

    Instead, I urge those looking for a replacement to take a long look at either Tozny or LaunchKey. (Full disclosure: I work for Tozny.) Both services support two-factor authentication by way of out-of-band verification using strong cryptography on users’ mobile devices. In other words, they’re more solid replacements for Clef than merely depending on tools like Google Authenticator (which is also a solid tool, but an entirely different use case).

    Both services offer WordPress plugins that make integrating with the CMS super easy. They both also offer developer APIs that allow you to take authentication to the next level by adding even further security to your site. SMS-based one-time passwords, email-based magic links, etc.

    I’m fairly confident the teams at either service would be more than willing to help you make a migration well before the June 6th cutoff date for Clef.

    Report


  3. Although not a Clef user, I highly recommend Wordfence Premium. Instead of Google Authenticator, which works fine, I use Microsoft Authenticator.

    With Wordfence Premium, we get two-factor authentication and best security available.

    Report


  4. I was a recent adopter of Clef. I found it to be a very smart system for two-factor authentication. Ease of use was key, including adding additional URLs (like a staging URL) quickly, so it would work regardless of the environment you were logged into. I added it to a couple of client sites and they were wowed by the experience of not having to type a pass code and beat the 20 or 30 seconds you had to type it correctly. Some people might say that’s easy enough to do, but if you’re multitasking and someone calls you on the phone exactly when you’re trying to type the numbers on the screen into the text field, the phone takes over and you either have to hang up on the person or answer and then toggle back to your two-factor authenticator app to grab the number before it expires and you have to type a new one all over again.

    Report


  5. I am not using their service, but I can feel the frustration of the users. I guess the competition is too cruel.

    Report


  6. I was just about to try clef because of the positive reviews…but after reading this, maybe not anymore :(

    Report


  7. It’s not ready for primetime yet, but I’m looking toward Sqrl for the near future.

    It’s totally open protocol that can be implemented with open source libraries, well documented, has an open-source reference implementation, uses well-known and tested crypto vetted by security experts, stores no secrets on the server that can be compromised, can work alongside existing login systems, and is the only password replacement system I know of that does not rely on a 3rd party.

    The protocol was recently finalized so I’m hoping it will get some action in the WordPress community before too long.

    Report


  8. This seems like something that could be offered with the WP mobile app. Get a push notice for a TOTP.

    Report


    1. I don’t understand. TOTP is offline. Doesn’t need a push notice.

      Report


  9. Sigh.

    I *love* Clef.

    I use Dashlane to manage passwords, but Clef’s 2-factor implementation was so elegant, so magical, that I always turn off passwords for the WP sites that I administer and use Clef instead.

    I’d like thank the Clef team for the brilliant idea and flawless execution. I wish that it had translated into market success.

    I hope in some way, shape, or form that Clef can be resurrected.

    Report


  10. Clef was a very secure and safe. Disappointed with the decision, let’s see what the owner have in mind.

    Report


  11. Some news from us at UpdraftPlus – we’re gearing up to replace the Clef plugin based on exactly the same idea:

    https://updraftplus.com/clef-user-updraftplus-now-gearing-replace/

    UpdraftPlus is one of only six commercial plugin companies in the world (including Automattic, Yoast and until recently Clef) that maintains a plugin with more than 1 million installs.

    We’re calling it “Keyy” and hope to launch in April. The plugin is already finished – just finishing the apps.

    Report

Comments are closed.