It's had a good run, but the password's time is up. Remembering a unique unlock code for dozens of websites and apps is no longer very practical or very safe, and many different companies are exploring what comes next. One of those companies is Clef, which has developed a two-step verification system that uses an animated wave on your phone to confirm your identity.
Two-step verification, now available on accounts with Google, Apple, Microsoft, Dropbox and many others, adds an additional security measure on top of a password. But existing methods typically rely on numerical codes and can be time-consuming to configure, which is why Clef thinks its new, streamlined approach has the edge. The technology is currently powering more than 40,000 sites and the company says it's now targeting larger organizations after securing US$1.6 million in investment funding.
From the user end, you simply wave your phone at the screen and you're in (though a PIN or Touch ID confirmation is required initially). It can work over Wi-Fi or cell networks (handy when one is available but not the other) and as a fallback it's possible to scan the phone screen using a laptop camera. There are no codes to remember and there's nothing to type in: The unique wave generated by your phone confirms that you are who you say you are.
"No weak passwords, frustrating tokens, or clunky dongles," promise the founders of Clef, which is based in Oakland, California. There's also the option to securely log out of your accounts with a single tap on your smartphone, should you spot any suspicious activity or suspect that someone else has been able to log into a site or app as you.
Clef is far from the only company looking to revolutionize the login process. In recent months and years we've seen a wearable that uses your heartbeat as a password, an iris-scanning gadget to log you in securely and various alternatives to the mobile phone PIN.
Watch the video below for a walkthrough of how Clef works.
Source: Clef via TechCrunch
1. I wouldn't trust a mobile for security for many reasons. 2. This isn't for security this is for advertising, tying a login to a real person via their phone is worth more ad bucks. 3. Browsers and password software can remember passwords, if you're concerned about the security of a computer you're using then you shouldn't be using that computer to do secure things. 4 A computer is 1 point of vulnerability, computer+phone is 2 points of vulnerability.
"you simply wave your phone at the screen and you're in (though a PIN or Touch ID confirmation is required initially). "
Sore arm; hand? No compatible cell phone? And what if it doesn't work?
CLEF is changing something that doesn't need to be changed just to make money off anyone gullible enough to fall for their hype.
And what's with this: "should you spot any suspicious activity" ? Are they seriously touting the fact when other people bypass their security, you can quickly log out? Shouldn't they be *preventing* suspicious activity, instead of hoping you notice it? And how to heck are you supposed to "spot" if someone read all your email, or stole or your documents, etc?
Oh yeah, and what about the millions of people who loose or break their phones every year, or when we're on holidays with no cellular data connection, or our data credit has run out, or ....
Anyone who thinks a cell phone is a secure platform for anything needs to seriously read the literature from security experts on them so combine these two things and Clef is utterly insecure and worthless as a log in method.
Even a simplistic algorithm can yield complex passwords.