What is Clef?

S4 Tech ModeratorTools

Clef Two-Factor Authentication

We use Clef to login to the S4 Technology blog instead of a user name and password. The Clef mobile app provides password-free, two-factor authentication that is highly secure and enjoyable to use. Sync your phone with the Clef Wave to log in.

Clef Login Features

  • No passwords: log in securely with the Clef wave, and enjoy two-factor protection without one-time codes.
  • No extra devices: use your smartphone instead of a “third device” such as a USB drive or security key.
  • Single sign on/off: Sync with the Clef Wave once, then enjoy one-click sign ins for all subsequent sites. Also, sign out from all your sites with one-click any time, or set the timer to log you out automatically when you’re done working.

Clef Security Features

  • Strong authentication: Clef replaces passwords with the highly secure, tried-and-true RSA public-key cryptosystem.
    • Clef stores the encrypted private key on your phone rather than in a central database. Thus even in the unlikely event of a catastrophic security breach on Clef’s servers, your login credentials remain secure on your phone.
    • Every Clef login requires two identification factors: your phone and a fingerprint or PIN. So even if your phone is lost or stolen, your Clef profile and logins remain safe and sound.
  • Comprehensive login protection: Clef disables passwords for all three WordPress authentication points: Dashboard access, API access (XML-RPC), and password resets. Thus it protects WordPress’s front door and back door against the full spectrum of password-based attacks:
    • brute-force and botnet login attacks
    • weak, leaked, and recycled passwords
    • sending login credentials in plain text via an insecure (non-SSL/TLS) connection
    • phishing attempts
    • account takeovers via email breaches

Plugin Configuration Options

  • Flexible password settings
    • Disable passwords for select WordPress user roles including custom roles.
    • Disable passwords for both the login script (wp-login.php) and the XML-RPC API (xmlrpc.php).
    • Accommodate users who do not have smartphones.
  • Shortcode support: insert Clef’s “login with your phone” button or the Clef Wave in any post, page, or text widget using the clef_render_login_button shortcode.
  • Standards-based compatibility: Clef’s WordPress plugin adheres to WordPress coding guidelines and is compatible with most mainstream plugins and themes.
  • Internationalization and localization support: Arabic, Danish, Dutch, French, German, Greek, Japanese, Latvian, Portuguese, Russian, Spanish. More translations on the way. Help translate Clef into your language.
  • Multisite network support
  • Helpful documentation and support