WordPress.org

Plugin Reviews

Clef Two-Factor Authentication

Secure two-factor that people love to use: strong authentication without passwords or tokens; single sign on/off; magical user experience.

1237

66 reviews
Average Rating
4.8 out of 5 stars
Muito BOM
By , for WP 4.2.1

Uso no meu site e tem me fornecido muita facilidade e segurança.
Parabéns aos desenvolvedores.

Serious Hardware and Security Issues
By , for WP 4.2.1

I love the concept enough that we decided to bake this as a MU-Plugin in our installs last week. Unfortunately we discovered two serious issues over the last two days that has caused us to revert from using the plugin with WP.

The issues have been raised on the development site:

Issue #208: CAUTION: Clef Wave May Cause CPU Burnout
Issue #209: Security: Session Will Not Timeout When Machine is In Standby

We haven't found the same problems using Clef on other web technologies, just with this WP plugin.

I was only going to give a one-star because of the severity of these two issues but there is potential to fixing them and possibly becoming a standard login authentication module for WP. However, If the developer fixes the issue in a reasonable amount of time, I will revisit it for more testing and change the star-rating accordingly.

Simply Fantastic
By ,

Simply fantastic - not only does it make your site look cool, it also offers complete no-nonsense security. Two factor authentication is rapidly becoming the defacto standard owing to APT and Cyber Security requirements as a whole.

Keep this up guys - one of the best security plugins there is.

So Simple
By , for WP 4.2.1

Besides looking freakin awesome this is super simple and helps when managing a lot of different installs. If you authorized on one install the rest will just let you click a button to get in until the app expires on the phone. Simple awesome!

Fact and secure
By ,

I don't care about the admin bugs anymore i use Clef and it's very cool
When we have a login/passwd bug you can't login because we have a safe env.
clef!

Very simple and nice
By , for WP 4.2

This thing just works, I like it.

Amazing - simply amazing
By , for WP 4.2

Clef is a game-changer.

It changes how online security is implemented - and your site is now even more secure.

It changes your smartphone into a fun-to-use two-factor authenticator. Yes, that's right, the phrase "fun-to-use" and "two-factor authenticator" is the very same sentence.

It changes the mindset that online security is too hard - no more excuses for using weak passwords.

Amazing - simply amazing.

Highly Recommend
By , for WP 4.1.1

If this could be bottled they would have to label it "Awesomesauce". It's that awesome. :)

Safe, Fast, and Easy
By , for WP 4.1.1

I've been using clef on all my WP sites for about a year now. I love how easy it is to setup and once configured logging in has never been so easy. I have been using strong passwords on all my sites and a password "wallet" type app on my phone to help generate strong random passwords and store them so I can log into everything. I hate having to type out these long, complex passwords and scrolling through sites in my phone app so I can log in.

This is more secure and much easier. Clef provides 2 factor authentication, which means I need my phone to log into a site which proves I have my phone and know the pin for clef as well as the password for my phone. It is much more difficult to spoof that and with many phones adding some kind of biometric mechanics it will mean that not only is my phone there, it will mean I'm there after my next phone update.

Even better, I don't have to find the site on the list of sites or try and type in a long random password ever on my WP sites. I scan the wave and I'm logged in automatically. It takes less time than finding the password on any other site without Clef support.

My only complaint is all the sites that haven't embraced the wave.

The Owls are Not What They Seem
By , for WP 4.1.1

This is an excellent two-factor authentication solution for WordPress, and nothing could ever beat free. I use it on my own sites. Thank you Clef!

However, you'll have to know of 2 caveats (free comes at the price):

  1. There's no session control. You can log into all of your Clef-controlled sites (including Facebook, through Chrome extension), but only from one browser. In their own words, "Clef's SSO works on one browser session at a time. Syncing sessions across multiple computers and possibly even multiple browsers is on the development roadmap but likely still a ways off until production."
  2. WordPress version, when installed as a total login replacement, doesn't really replace login form. Oh, it does, but only for us humans. Malicious scripts will continue kicking on your real login form trying to guess your username (admin, of course) and password (watzit, sex? god? 123?))… So by all means, use Clef – but also install a good security system.

PS: Their login window are quite ugly when laid over WP 4.1.*'s default login form, so you'll need some additional styling ;)

You must log in to submit a review. You can also log in or register using the form near the top of this page.