The easiest and most secure way to log in to WordPress: no passwords, no temporary codes, single sign-on/off.
Very. Clef leverages the computational power of your smartphone and the proven strengths of distributed, asymmetric cryptography and multi-factor authentication to provide secure WordPress logins in a beautifully simple and easy-to-use package.
Clef protects WordPress not only from insecure passwords but also from malicious forgotten password resets and bruteforce attacks.
Clef's architecture is fully distributed so it stores no user credentials on its servers. When you use the Clef App, you create a profile and a private encryption key that never leave your phone. The Clef App uses that data to generate a unique, encrypted, digital signature every time you log in. Since all of your personal info stays on your phone, nothing in the Clef database can compromise your identity even in the unlikely event that the server is hacked.
Simply visit Clef's "lost phone" page to deactivate your phone. Once you've deactivated, you can reactivate on a new device and all of your accounts will transfer over.
Clef is and will always be 100% free.
As long as your users register on their Clef Apps using the same email address as their WordPress accounts, they can start using Clef instantly. Also, once Clef for WordPress is activated on your site, your existing WordPress users can link their accounts to Clef via the Profile page in WordPress.
Clef can protect WordPress in hybrid mode (passwords allowed) or full Clef mode (no passwords). If you want to enjoy the protection of full Clef mode but still need to allow passwords for users who do not have smartphones, then on the Clef Settings page you can create a secure override key that enables password logins at a secret URL.
Requires: 3.5 or higher
Compatible up to: 3.9.1
Last Updated: 2014-5-26
5 of 6 support threads in the last two months have been resolved.
Got something to say? Need help?