Clef offered a novel approach for adding passwordless authentication to WordPress using encrypted waves synced from your phone. With passwords remaining a security plague, understanding Clef‘s model and alternatives can empower your site.
How Did Clef Work?
Clef was an application allowing passwordless login to supported sites like WordPress by syncing encrypted waves from your mobile device.
The flow looked like:
- Install Clef application on your smartphone
- Register your phone to tie your identity to your encrypted keys
- When logging into WordPress, sync the wave shown by holding your phone up
This validated your identity based on possessing the unique decryption keys associated with your phone. No passwords needed.
Why Did Clef Stand Out for WordPress?
Clef integrated directly with WordPress, allowing administrators to fully replace username/password fields.
Benefits specifically for WordPress included:
- No Passwords: Users relied solely on their phones to decrypt login waves
- Secure Encryption: Keys only stored locally on users‘ phones, wave codes changed constantly
- Convenience: 1 click login by just scanning a code
With over 35% of internet users experiencing password fatigue, Clef offered a frictionless approach to eliminate this fatigue for logging into WordPress specifically while upholding security.
Just How Insecure Are Passwords?
61% of data breaches are tied directly to leveraging weak or stolen login credentials according to recent industry reports.
"With an average of over 100 passwords to keep track of and rotating requirements to use special characters or uppercase letters, it‘s no wonder 81% of hacking-related data breaches can be traced back to compromised passwords."
Additionally, research finds:
- Only 5% of internet users use a password manager
- People reuse passwords for 4-5 sites on average
- Top 10 common passwords remain dangerously weak like "123456"
| Year | Compromised Passwords |
|---|---|
| 2018 | 2.2 Billion |
| 2019 | 4.5 Billion |
| 2020 | 15 Billion |
The risks only accelerate, making Clef‘s passwordless approach extremely timely and secure.
What if Clef Returns?
As of 2023, there are no definitive plans for Clef to re-launch its service. However, should similar passwordless authentication options arise for WordPress, administrators would be wise to consider them.
Any solutions should match Clef‘s calibration of being:
- Easy: Intuitive for average users with minimal friction
- Secure: Keys secured on local devices without central databases
- Integrated: Custom WordPress plugin eliminating separate login portal
When assessing alternatives, keep these criteria in mind. Biometric scanning options often fall short on ease of use while most SSO options fail the security test by centrally storing login credentials vulnerable to attack.
Aim for solutions as dedicated as Clef in removing login friction through secure, integrated passwordless experiences benefitting both users and administrators.
Key Takeaways
Hopefully this breakdown has provided some helpful wisdom both looking back at what made Clef so unique for passwordless WordPress authentication as well as advice for assessing any similar offerings in the future.
The key principles to remember are:
- Leverage mobile devices for decentralization
- Require no passwords or usernames
- Custom integrate into WordPress for seamless usage
- Analyze alternatives against these criteria
Passwords certainly aren‘t going away entirely anytime soon.
But for WordPress sites where convenience and security are top priorities, passwordless solutions with Clef‘s ethos could be game-changing. Stay informed should any promising technologies emerge.
