Clef wants to change the way we log into websites

Clef wants to change the way w...
Clef uses an animation instead of an unlock code
Clef uses an animation instead of an unlock code
View 2 Images
Clef uses an animation instead of an unlock code
Clef uses an animation instead of an unlock code
Clef apps are available for Android and iOS
Clef apps are available for Android and iOS

It's had a good run, but the password's time is up. Remembering a unique unlock code for dozens of websites and apps is no longer very practical or very safe, and many different companies are exploring what comes next. One of those companies is Clef, which has developed a two-step verification system that uses an animated wave on your phone to confirm your identity.

Two-step verification, now available on accounts with Google, Apple, Microsoft, Dropbox and many others, adds an additional security measure on top of a password. But existing methods typically rely on numerical codes and can be time-consuming to configure, which is why Clef thinks its new, streamlined approach has the edge. The technology is currently powering more than 40,000 sites and the company says it's now targeting larger organizations after securing US$1.6 million in investment funding.

Clef apps are available for Android and iOS
Clef apps are available for Android and iOS

From the user end, you simply wave your phone at the screen and you're in (though a PIN or Touch ID confirmation is required initially). It can work over Wi-Fi or cell networks (handy when one is available but not the other) and as a fallback it's possible to scan the phone screen using a laptop camera. There are no codes to remember and there's nothing to type in: The unique wave generated by your phone confirms that you are who you say you are.

"No weak passwords, frustrating tokens, or clunky dongles," promise the founders of Clef, which is based in Oakland, California. There's also the option to securely log out of your accounts with a single tap on your smartphone, should you spot any suspicious activity or suspect that someone else has been able to log into a site or app as you.

Clef is far from the only company looking to revolutionize the login process. In recent months and years we've seen a wearable that uses your heartbeat as a password, an iris-scanning gadget to log you in securely and various alternatives to the mobile phone PIN.

Watch the video below for a walkthrough of how Clef works.

Source: Clef via TechCrunch


4 Things:
1. I wouldn't trust a mobile for security for many reasons. 2. This isn't for security this is for advertising, tying a login to a real person via their phone is worth more ad bucks. 3. Browsers and password software can remember passwords, if you're concerned about the security of a computer you're using then you shouldn't be using that computer to do secure things. 4 A computer is 1 point of vulnerability, computer+phone is 2 points of vulnerability.
And what happens if you lose your phone. What if you phone battery is dead. A password is inconvenient, having to get your phone just to log in to a site is more inconvenient. If you don't have a smart phone or phone with a suitable camera then this doesn't work. It is bad for privacy, does 'clef' know every site you log in to? and Time? and Location? and both devices? It's bad for security, if clef is hacked then everybody's login to every site is possibly hacked.
Tom Swift
How does this work again? Seems that if someone gets your phone and access to it they have access to your entire digital world. Are we relying on the physical security of the phone itself? Even with my fingerprint ID phone I still have the 4 digit backup unlock code.
CLEF is only making the simple process of typing a login much more complicated and frustrating.
"you simply wave your phone at the screen and you're in (though a PIN or Touch ID confirmation is required initially). "
Sore arm; hand? No compatible cell phone? And what if it doesn't work?
CLEF is changing something that doesn't need to be changed just to make money off anyone gullible enough to fall for their hype.
66% of the world *use* their phone's browser - are we supposed to carry around a pocket full of mirrors so we can take photos of our own screen?
And what's with this: "should you spot any suspicious activity" ? Are they seriously touting the fact when other people bypass their security, you can quickly log out? Shouldn't they be *preventing* suspicious activity, instead of hoping you notice it? And how to heck are you supposed to "spot" if someone read all your email, or stole or your documents, etc?
Oh yeah, and what about the millions of people who loose or break their phones every year, or when we're on holidays with no cellular data connection, or our data credit has run out, or ....
I have to agree this is essentially useless due to the lack of security and the inconvenience. For me it would make any "Clef enabled" site completely inaccessible as I do not carry my cell phone 90% of the time and it is not permitted in a work environment.
Anyone who thinks a cell phone is a secure platform for anything needs to seriously read the literature from security experts on them so combine these two things and Clef is utterly insecure and worthless as a log in method.
A much simpler solution is to make algorithms based off of the sites URL you want to log into it. Why memorize passwords? A glance at the URL for your previously decided flags indicate which algorithm to use. So you easily figure out your password each time instead of needing a list.
Even a simplistic algorithm can yield complex passwords.