Popular two-factor authentication service Clef has announced they are shutting down support services for the product and the service, as well as its apps and WordPress plugin will be sunset in the first week of June 2017.
Clef is an easy way to integrate two-factor authentication in websites, allowing users to easily login just by pointing their phone at the Clef login code, a wave. What set Clef apart from other 2FA services was its ease of use, its speed and also its central directory which it operated for sites and would allow users who had logged in via Clef on one site already to also be logged on other sites which use the Clef login.
According to the WordPress plugin directory, Clef is installed on more than one million WordPress. Clef’s popularity undoubtedly is huge and also stems from the fact that many webhosting providers offer easy installation of Clef as it is integrated as an option in Softaculous’ WordPress setup.
Clef sent emailed each user and also posted an update to its blog on Medium.
I’m writing to inform you that starting today, we’ll be sunsetting the Clef product with a final shutdown date of 6/6 (official blog post here). Everything will remain fully functional and maintained until that date, at which point the mobile apps will cease functioning and be removed from the Google Play and Apple App stores.
As a current Clef user, we recommend that you begin transitioning away from Clef as your preferred login method as soon as possible. We’ve written a guide to transition from using Clef to another form of two-factor authentication here. We’ve explored every option to keep the Clef product alive and are deeply sorry for any inconvenience this transition will cause.
What’s Next for Clef
The team hasn’t announced yet what will happen with the product, or service beyond its sunset, although they teased with an upcoming announcement that the team is joining another team, company. An official announcement about the team’s future should follow next week.
In a tweet reply to a user the team confirmed that there will be no replacement offered by its crew, or its future home/company, thus users will be forced to explore alternative services.
— Clef (@getclef) March 6, 2017
As such it is also safe to say that Clef wasn’t acquihired by either GoDaddy or Microsoft, both companies who would not have insisted on such speedy sunsetting and have continued to operate the product as a stand-alone solution at least in a near future.
Clef Alternatives for WordPress Users
Rambling and armchair tech punditry guessing aside though, what’s next for WordPress?
Let us be clear here, there is nothing like Clef out there currently. No service is as user friendly as Clef is and that is not merely our own bias. Clef will be missed.
Luckily, this world being one of third-party solutions and everybody’s preferred CMS being WordPress… there’s a plugin for that.
Several plugins obviously.
The most known, and also recommended by Clef in its transition guide are:
The Two-Factor Plugin is a simple solution enabling 2FA for different services such as one-time password (OTP), Google Authenticator, Yubikey, U2F and FIDO Universal two-factor solutions.
Authy is a popular two-factor authentication freemium solution, which also offers a WordPress Plugin.
Authy labels itself as _modern two-factor authentication for humans, but, obviously, as Clef fans here at rockingWP we are biased and frown at such statement. The free plan of Authy offers around 100 authentications per month.
The Google Authenticator plugin for WordPress integrates Google’s 2FA solution within WordPress sites. The free service requires the installation of Google’s mobile authenticator app. The elephant of the behemoth.
The freemium WordFence security solution comes with its own two-factor login service and can be downloaded from the WordPress plugin repository.
While WordFence does provide a complete package, the product may be too bloated for users looking merely for a 2FA alternative and for others it needs be said that WordFence’s service do put additional strain on servers. If you’re looking for an alternative and don’t have a solid, secured WordPress setup, or don’t have any idea how to secure your installation WordFence may be for you. Personalyl we tend to steer away from firewalls though.
Automattic’s Jetpack suite also offers two-factor authentication as part of its services. While the plugin may too much for those looking merely for a Clef alternative, for many users the Jetpack suite can be an excellent addition to their WordPress installation.
MiniOrange is a freemium two-factor solution providing Google Authenticator integration for WordPress websites. It also supports most common, modern industry standards such as OTP, QR Code Authentication, Push notification and more in its own mobile app, as well as email authentication. An almost all-in solution, especially for those who want to look for, and easily compare, Google Authentitcator alternatives.
MiniOrange is free for 1 user and comes with common verification services for free. Other verification methods such as over calls and via SMS may incur costs.
Clef, you will be missed and the alternatives to your service are bleak in options and in user UX. We wish you and the whole team a great and prosperous future.