Clef | Forget Your Passwords

Clef | Forget Your Passwords

What is Clef?

Forget your passwords, the next step in authentication is here. Clef is a form of two-factor authentication powered by RSA public key technology (world-class security). It allows users across the Caskey Coding network of websites to sign in with their phones. A user has to enter a PIN, and the Clef application will give them a key to sign in. Unlike SecurID (if you’re familiar), it requires no user interaction with a passcode or tokencode. With Clef, after entering your PIN, simply hold your phone in front of the sign-in screen and… Voil√†! It’s Two-Factor Authentication taken to the next level combining the security of RSA public key technology with a flawless user experience.
Check out their video below..

Source: Clef | Two-Factor Authentication From the Future

Traditional Passwords are Becoming a Thing of The Past

In today’s technology advanced society, everything is wrong with traditional passwords. Nobody benefits from a security that has passed it’s peak and now leaves endless vulnerabilities. Memorable passwords like “mydogsname1” are vulnerable to social engineering and brute force attacks. Terms people can associate as common knowledge with your life make weak passwords. Once you start handing out passwords that aren’t susceptible to social engineering, nobody can remember them. Here is an example of what is considered a secure generated password: ve$VI3vSCnbso0PocUiIN%fJ

I can’t think of a single person that would remember that password. If you can’t remember a password, you document it. Once you’ve documented a secret, you’re taking a step backwards. Brute Force attacks or viruses can find documentation on computers. Nosey neighbors, a passerby, clients or coworkers could steal a handwritten note. Let’s not even start on trying to remember expiring passwords. You could start using a Third Party service like Last Pass, but this is not a practical solution with User Experience in mind. Novice computer users would forever be lost in a world of third party password managers. For all this, Clef encourages you to forget your passwords. Really, it’s more secure! (And honestly, it adds some amusement to the sign on process.)

Take a look at this map of active hacks and tell me you’re still comfortable with “mydogsname1” protecting all of your data. There is always somebody trying to crack your password. Just look at the Caskey Coding List of Banned Hosts, all of whom have tried brute force logins on our networks:

The List of Shame | Blacklisted IP Addresses
146.185.239.200
178.248.87.44
151.80.41.241
40.124.9.65
84.240.9.6
193.201.227.139
91.200.12.139
46.148.22.18
92.63.87.61
195.154.231.209
5.248.41.58
37.72.185.78
62.149.143.77
103.6.196.238
184.168.200.154
209.17.114.78
84.22.96.98
202.92.128.228
50.28.78.75
103.28.12.135
151.80.67.1
69.90.161.45
50.62.161.76
188.163.110.101
46.148.18.162
37.115.5.182
211.236.185.151
107.190.129.162
211.77.5.41
192.210.149.102
172.245.107.112
172.245.107.67
192.210.149.70
172.245.10.21
208.117.45.137
85.128.142.37
96.30.10.64
85.128.142.46

This list, growing everyday, is exactly why you should consider moving your log in security to Clef. It is impossible to guess a password that doesn’t exist. Think a hacker will be able to get into your Clef protected account? I think not. To log into an account, a hacker is going to need pieces that are personal to the user:

User’s personal phone + Password to unlock user’s phone + User’s Clef PIN + Website sign in URL

Securing Your WordPress Sites Using Clef

As a web developer, I am constantly looking for ways to improve my clients’ website security. If you work on a WordPress platform, it’s common knowledge that plugins seamlessly enhance security, caching, and countless other website features. WordPress sites call for security plugins to prevent hacks such as brute force attacks. Most of these plugins create banned user lists and strict password rules. When I discovered Clef could be enabled on WordPress websites, I had to take the dive.

Applying Clef to your website is as easy as installing a WordPress Plugin. Not satisfied? Take a look at their in-depth developer’s guide. It took 20 minutes of my time, and now my websites are more secure than ever. I highly recommend all WordPress Developers take a brief minute to upgrade their security now. While you do that, the rest of us will enjoy some skeet shooting…

Can anyone find the RSA SecurID token in this image?

Forget Your Passwords and Use Clef

When it comes to user experience, bottom line- the Clef model is better. I don’t have to go looking for or fret trying to remember my passwords. There is no need to reset my password each time I sign in. I don’t type it in 5 times before finally getting the right capitalization. No password keychain needs to be introduced. This is my interaction each time I sign on:

1) Go to My Sign In URL:

Clef Sign On

2) Open Clef on My Phone and Enter My PIN:

Clef PIN

3) Line Up Phone with the Sign on Screen:

clef sign on2

Boom! Now I am signed into my WordPress Dashboard:

Wordpress Dashboard | Caskey Coding

The Clef application allows me to control how long I am logged into each website:

clef screens

It’s Time to Forget Your Passwords

Hats off to the developers of this extremely useful tool. It combines world-class security with Grade A user experience. They’re rewriting the rulebook on authentication. I highly recommend Clef to anyone who is in need of a website security solution. Click Here to get the WordPress Clef Plugin. Don’t know where to start with your website? Consult Caskey Coding about adding Clef to your website! Clef is secures our network of websites,and we’d be excited to help you join this authentication revolution.

After reading this article, are you more likely to start using Clef?

One Response to Clef | Forget Your Passwords

Leave a reply

We Build Better Websites.