Clef is a new “Passwordless” application bound to change the way we access our web accounts. The internet of today is a harsh place where users are constantly being monitored, and hackers are always ready to track their every step in order to steal their passwords and private information. Security is becoming increasingly important in unwanted eyes trying to get web accounts login information. Today, not even a long password will protect you from being hacked. To be adequately protected, you will need to have a superior security feature enabled.
Passwords are no longer secure:
The increasing lack of security over the web has led many developers to try and provide new ways to protect user accounts. Two-factor authentication improves security by sending a second randomly generated password to a user’s phone after they type in their normal username and password. Nevertheless, it is now known that these applications are centralized and can also be subject to eavesdropping and ultimately its control can fall into the wrong hands.
Unlike password based two-factor authentication solutions like Google Authenticator or Authy, Clef is a new two-factor authentication technology that differs from all standard two-factor authentication models. Clef has simplified the login process to the point you don’t need to enter any password. “We think that as we do more online, we need to find much better ways to protect ourselves.” says Brennen Byrne, CEO and Clef co-founder – “Today, two-factor auth is only used by a tiny handful of people, but soon we’re going to need that level of protection for everyone. To make that happen, we need to make two-factor auth easier than passwords too, and that’s what we’re building with Clef.”
Enhanced security for Digital Currency Exchanges and Bitcoin Wallets:
Digital currency related business have been quick to adopt two-factor authentication to enhance their security protocols. Old methods, such as email authentication or standard two-factor authentication, are already obsolete and now with Clef, we have already seen a sudden interest from the bitcoin community. Currently, traditional two-factor authentication apps sees less than 1% of user’s choosing to use it while Clef attracts about 50% more users. Clef could rapidly turn out to be the most adequate app to protect bitcoin exchanges user’s accounts information and bitcoin wallets.
The app is built to offer a strong authentication by replacing passwords with a new 2FA login using RSA public key encryption. The app generates and stores the encrypted private key on the user’s phone, meaning that only the user has access to it and it never leaves your device. This is what reinforces the protection features preventing user login credentials from being compromised.
Clef replaces passwords by enabling access through a user’s phone instead of anything they remember or type. Clef also offers comprehensive protection by disabling the need for password authentication while protecting against all types of password-based attacks. By combining cryptographic technology with simplicity, Clef will most certainly become the next killer app for Bitcoin security.
How does it work?
By using the optical camera on the smartphone, Clef can log in into any website that allows the application to be used. Clef runs on an RSA public-key architecture technology. It uses a wave image to identify the public key while storing the private key on the user smartphone.
In fact, Clef’s model of public/private key for logging in is pretty much similar to how bitcoin works. Both of them use Asymmetric cryptography or public-key cryptography in which a pair of keys is used to encrypt and decrypt a message. The app is a secure two-factor specially designed for consumers. It eases and speeds the process of logging into accounts while it provides absolute security.
“Logging in is traditionally done by proving you know something that the server also knows (your password, a two-factor code, etc.). With Clef, we’re decentralizing the authentication process so that the server doesn’t have to store anything valuable. Instead, all of the authentication happens on the phone and then is proven with the private key’s encryption. That can be verified by the server (with only the public key) and we can avoid most attacks completely.”
Clef offers extra security for iOS users with Apple’s Touch ID. Every time the app is used to login, it will require the user fingerprint using Touch ID technology. The user only has access to his private key after being identified by the Touch ID. Byrne says:
“It lets us make logging in with Clef easier and safer, but it also means that no company needs to store your fingerprints or anything in a central database.”
With secure biometrics, the account stays attached to a unique user. Clef takes into account location, usage, and hardware data to make sure every authentication is genuine. With each user associated with a device, Clef will also protect the site from fraud or abuse from bugs or system fails. This way security works both ways since it not only secures the user and proves his identity, but it also protects businesses from fraud. “I think over time, we’re going to see a lot of data move out of big central storage out towards users where it can still be useful without being as dangerous”, said Brennan.
For the users without support for Touch ID, Clef has also developed another method to fall back to an equally secure PIN on the user’s device.
Clef is used for secure Bitcoin site log-ins and has been busy working with some of the biggest trusted sites in Bitcoin today. Check out http://getclef.com for details.