WordPress.org

Plugin Directory

Clef Two-Factor Authentication

Modern two-factor that people love to use: strong authentication without passwords or tokens; single sign on/off; magical login experience.

The Clef mobile app provides passwordless two-factor authentication that is highly secure and enjoyable to use. Scan the Clef Wave to log in. Watch the 30-sec. demo.

Clef Login Features

  • No passwords: log in securely with the Clef wave, and enjoy two-factor protection without one-time codes.

  • No extra devices: use your smartphone instead of a “third device” such as a USB drive or security key.

  • Single sign on/off: Scan the Clef Wave once, then enjoy one-click sign ins for all subsequent sites. Also, sign out from all your sites with one-click any time, or set the timer to log you out automatically when you’re done working.

Clef Security Features

  • Strong authentication: Clef replaces passwords with the highly secure, tried-and-true RSA public-key cryptosystem.

    • Clef stores the encrypted private key on your phone rather than in a central database. Thus even in the unlikely event of a catastrophic security breach on Clef’s servers, your login credentials remain secure on your phone.
    • Every Clef login requires two identification factors: your phone and a fingerprint or PIN. So even if your phone is lost or stolen, your Clef profile and logins remain safe and sound.
  • Comprehensive login protection: Clef disables passwords for all three WordPress authentication points: Dashboard access, API access (XML-RPC), and password resets. Thus it protects WordPress's front door and back door against the full spectrum of password-based attacks:

    • brute-force and botnet login attacks
    • weak, leaked, and recycled passwords
    • sending login credentials in plain text via an insecure (non-SSL/TLS) connection
    • phishing attempts
    • account takeovers via email breaches

Plugin Configuration Options

  • Flexible password settings

    • Disable passwords for select WordPress user roles including custom roles.
    • Disable passwords for both the login script (wp-login.php) and the XML-RPC API (xmlrpc.php).
    • Accommodate users who do not have smartphones.
  • Shortcode support: insert Clef’s “login with your phone” button or the Clef Wave in any post, page, or text widget using the clef_render_login_button shortcode.

  • Standards-based compatibility: Clef’s WordPress plugin adheres to WordPress coding guidelines and is compatible with most mainstream plugins and themes.

  • Internationalization and localization support: Arabic, Danish, Dutch, French, German, Greek, Japanese, Latvian, Portuguese, Russian, Spanish. More translations on the way. Help translate Clef into your language.

  • Multisite network support

  • Helpful documentation and support

Requires: 3.6 or higher
Compatible up to: 4.6.1
Last Updated: 1 month ago
Active Installs: 900,000+

Ratings

4.7 out of 5 stars

Support

3 of 3 support threads in the last two months have been marked resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

2 people say it works.
0 people say it's broken.

100,1,1 0,1,0
100,1,1
100,1,1
100,1,1
100,1,1
100,1,1
100,1,1 100,2,2
100,1,1
100,2,2 100,3,3
100,3,3 100,1,1 100,1,1
100,1,1
100,3,3 100,3,3
100,1,1 100,3,3 100,1,1
100,3,3
67,3,2
100,1,1
100,1,1
67,3,2
100,2,2 100,1,1
100,1,1
0,1,0 100,5,5
100,2,2
100,1,1 100,1,1 100,1,1
0,1,0 100,2,2
0,1,0
100,1,1 50,2,1 100,1,1 100,1,1
100,2,2
100,1,1 100,3,3
100,2,2