A bigger, better Clef

Clef is two-factor authentication from the future (learn more here). We’re excited to announce raised $1.6m from Morado Ventures and some amazing angels led by Raj Mehta to help us build the company we love, solve two-factor authentication, and kill passwords. 

Until very recently, Clef consisted of three people — Mark, Jesse, and I (Brennen). For the last two years, we’ve been on a mission to kill passwords and we’ve built an amazing product to do it. We launched in June of last year and have been living, breathing, and dreaming Clef ever since.

Along the way, we’ve been extraordinarily fortunate to find communities that have welcomed us. With their support, we’ve grown from less than 100 sites using Clef at this time last year to more than 16,000 today. In WordPress, we’ve blown away every other two-factor authentication option by focusing on what we do best: creating a beautiful login experience that delights instead of frustrates. We could not be more proud of, or grateful for, everything that has happened so far.

But we’re not finished yet: we have huge goals and miles to go before we sleep. To help us achieve those goals and build the company we love, we’ve raised $1.6m from some incredible investors, including Morado Ventures and a group of wonderful angels led by Raj Mehta.

In the next year, we’ll continue rapidly expanding our presence in platforms like WordPress, but we’ll also be adding a new focus: Bitcoin. As cryptocurrencies are adopted by everyday Internet users, an important challenge arises: how can we keep users who refuse to use traditional two-factor safe? Clef is the answer. We’ve built the best two-factor in the world and as passwords die, we’ll keep Bitcoin users safe with an experience they love.

We announced a few weeks ago that Laurence had joined the Clef team to help with support and today I’m happy to announce two other hires: Darrell Jones III will be joining us in December to do business development, and Sasha Heinen will be joining us in January to build our apps. Darrell is a force of nature we were all inspired by in college and Sasha is one of the best engineers I’ve met.

As we grow, we’ll never lose sight of the many people and communities that helped us on our way. To everyone who has supported us: Thank You. We are so grateful for your support.

To celebrate, we’d like to extend an (always open) invitation to our 67th weekly community dinner in Oakland. Swing by our office anytime after 6:30, enjoy some home cooking by Mark, Jesse and I, and celebrate the beginning of a new era in Clef’s life.

Making two-factor easy with Installatron

logo996Today, we’re excited to announce that Installatron is now offering Clef as a part of their WordPress installer, bringing the best two-factor in the world to even more hosts and users by default. In the words of Phillip Stier, co-founder of Installatron:

“Two-factor authentication is essential now, and Clef’s solution is the most elegant available.”

Installatron is one of the leading providers of web application installation and management products for hosts. They’ve become a standard because they take simplicity and security seriously, creating a beautiful user experience for the hosts they serve and end-users.

We connected through one of our Safer Hosts, WPPronto, and are so excited to be working with them to make the Internet a safer place.

The Safer Hosts initiative

If you’re a host that uses Installatron, we’ve created the Safer Hosts program to bring you on board. As part of Safer Hosts, you’ll be able to use Clef on your own domain for free when you offer Clef two-step logins for your customers’ sites (Clef will always be free for sites with less than 1,000 logins per month).

We’ll also feature and promote you as a Safer Hosts on the Clef blog and hosts page to make sure you get the love you deserve. You can read more about the Safer Hosts program here.

Protecting users by default

As the web has grown, everyday users have been left in the cold when it comes to security. Often times, we only protect those who have the resources and time to research best practices on their own.

Every user in our community should be protected from the start. We are so pleased to be working with Installatron to make good security the default.

You can read more about the Safer Hosts program here.

Welcoming Duco Hosting to Safer Hosts!

logo1Today, I’m excited to welcome Duco Hosting to our Safer Hosts program. As a Safer Host, they’ll be installing Clef by default in their WordPress hosting plan — from the second you set up your site, you’ll be secured with beautiful two-factor authentication.

From games to hosting

Started by Cas Eliëns a little more than a year ago, Duco originally started as a game host. As they signed up more customers, however, they realized that their high quality hosting services were attracting people more than their focus on games. After some deliberation, they decided to refocus on the only thing that mattered: building the best hosting product that they could.

Many of Duco’s customers host business-critical services like WHMCS, so security has been a top priority from the beginning. In Cas’ words,

The more security the better! I started using Clef, and then I found out about the Safer Hosts program and figured spreading the word would be the right thing to do!

We’re super excited to have Duco as a member of Safer Hosts!

If you’re looking for small business hosting, check out Duco Hosting.

Bit.ly malware warning on blogs displaying the Clef badge

UPDATE: this issue has been resolved. Google accidentally blocked bit.ly and has now corrected the mistake. All blogs with the Clef badge displayed will display normally. Neither Bit.ly nor Clef were compromised and there is no reason for concern.

Early this morning, Google blacklisted bit.ly in their Safe Browsing list, which led to links to bit.ly being blocked in Chrome & Firefox. When users visited a site that used bit.ly links, they saw the following error.




This impacts Clef users who enable the Clef badge (we love you!) because we use a bit.ly link to link to the badge image. If your site is affected, you can disable the Clef badge in the Clef settings on your WordPress dashboard. Google fixed their mistake, there should no longer be an issue!

We’re very sorry for the inconvenience here — enjoy the rest of your weekend!

Touch ID for Clef

From the moment we started working on Clef, we’ve been driven by the philosophy that the only security that matters is the security you actually use. If it’s too hard, we won’t use it, regardless of its level of security. That’s why the majority of Americans have never used traditional two-factor, and why we reuse weak passwords even when we know better.

Making the Internet more secure means baking security in by default. It also means crafting an experience so intuitive that people don’t need to second guess whether they are taking the right steps to keep themselves safe online.

That’s why we’re pleased to announce that you can now use Touch ID instead of a PIN to unlock the Clef app on your phone.

Farewell PIN

Touch ID for Clef

We’ve worked hard to make Clef the best two-factor authentication in the world. But every time we opened up Clef on our phones, we were greeted by the PIN, a necessary evil to keep Clef accounts safe from phone thieves.

When you enable Touch ID, logging in with Clef is as simple pointing the app at your computer screen. You’ll still need to remember your PIN if you want to activate Clef on a new device, but it’s a step closer to our vision — a seamless login experience where your phone does all of the hard authentication work for you.

Touch ID is available on iOS 8 for the iPhone 5S, iPhone 6 and iPhone 6 Plus. We think you’re going to love how fast and easy it is.

Say Hello to Laurence!

On August 7th, 2013, I received a fateful email, though I didn’t know it at the time. In response to a survey about using Clef for payments[1], I got a very well thought out answer from a user named Laurence.

Dear Jesse,

I’m excited to hear about the progress on payments. Go Clef!

To your questions:

… 400 words …


While we didn’t end up pursuing payments, this email started a relationship that today takes a new turn. Laurence has been a Clef user from the start and one of our most vocal advocates. That’s why we’re so excited to announce that he’s joining our team as our Head of Support.

If you’re looking for help with Clef, and you run into Laurence, make sure to give him a warm welcome!

How to fix “Problem with the SSL CA cert (path? access rights?)” error

Note: if you’re not seeing any issues, there’s nothing to worry about!

Last week, the shellshock vulnerability in bash required an update that has temporarily broken SSL for many servers running PHP around the web. For the Clef for WordPress plugin, this is an issue because the secure login handshake happens over an SSL connection with the Clef servers.

To resolve the issue, you’ll need to restart Apache (or nginx). If that doesn’t fix the problem, you’ll need to restart your entire server.

Once you’ve done that, HTTP request over SSL will work normally and you’ll be able to log in with Clef.

If you have any questions about the issue, or need help getting it resolved, don’t hesitate to join our support room or email us at support@getclef.com.

Koomohost joins Safer Hosts


We’re very excited to welcome the newest member of the Safer Hosts program: Koomohost. As a Safer Host, they’ll be installing Clef by default in their WordPress hosting plans — from the moment you set up a new site, you’ll be protected by Clef’s easy, secure, beautiful two-factor authentication.

Simple, beautiful hosting

When I was introduced to Koomohost, I was blown away by their simple, friendly approach. I literally started the first email exchange I had with Anthony, Koomhost’s founder, with the following statement:

Koomohost looks awesome (love your clean site design).

Seriously — go check out their website and product. They launched in 2009, powered by Amazon Web Services, and have built a secure, performant, reliable hosting option, with a end-user experience that is unbelievably beautiful and easy-to-understand.

Taking security seriously

Koomohost has taken security seriously from the start, but as WordPress has grown in popularity, they started looking for other companies that could help bolster their platform. In the words of Anthony,

We found quite a few during the past year and it has made an immediate impact for our customers.  It is quite nice to get an email from a customer thanking us for our services, because they see their friends/colleagues sites going down due to a hack or performance issue. 

When we saw Clef, it made sense!  Give up passwords and use the Clef Wave to login!  It would make our jobs easier and add another protective layer. We were having a problem with one of our own projects and despite every effort to defend it, we were still getting alerts of BruteForce attempts.  After installing Clef, we have zero incidents.

We’re so excited to have them as a member of Safer Hosts!

If you’re looking for secure, fast, reliable hosting that’s easy-to-understand and use, go sign up for Koomohost.

From 1,000 to 100,000

363 days ago, Mark, Brennen, and I received a kind email from one of our earliest users. At the end of that email, they pointed out that our WordPress plugin was approaching 1,000 downloads in the plugin repository:

Speaking of, have you noticed that you’re steadily crawling toward 1K downloads—nice work!

Since that day, the three of us have worked tirelessly to make Clef a permanent part of the WordPress community. We’ve poured thousands of hours into building a better product, we’ve sent and received more than 20,000 support emails, we’ve attended and spoken at WordCamps all over the country,  we’ve found amazing friends and supporters, and we’ve helped tens of thousands of users keep their sites safe while forgoing the painful burden of passwords.

Yesterday, we crossed 100,000 downloads of Clef’s plugin for WordPress.

Our journey to this point has not been easy — there have been plenty of tears, sleepless nights, dreams of failure, and mistakes — but we could not be more proud of what we’ve accomplished. WordPress is one of the most empowering tools on the web, surrounded by a beautiful, diverse, supportive community, and working to make it better has been a dream for us.

In the year ahead, we’ll be expanding our team and improving the product, but we’ll never lose sight of where we started.

WordPress, we love you — thank you for the warm welcome.


The Clef plugin for WordPress brings secure, simple, passwordless two-factor authentication to any WordPress site. Download it here!

Welcoming WPPronto to Safer Hosts

Master-white-bgToday, I’m super excited to announce the newest member of Clef’s Safer Hosts program: WPPronto. As part of the program, they’ll be including Clef as part of their default managed WordPress install — with WPPronto you’ll be protected by Clef’s secure, beautiful two-factor authentication from the moment you set up your site.

Who is WPPronto?

If you haven’t heard of WPPronto, you almost certainly know the company by their former name: WPCDN.

Started in 2009 as the first content delivery network built specifically for WordPress, they’ve been powering high-performance sites since the beginning. While their hosting services began as a secondary-offering, in the last few years it’s become their most popular service.

As a result, they decided to shift their primary focus to providing fine-tuned hosting for WordPress. They relaunched as WPPronto last week and it’s awesome.

Speed and security

After running a CDN company for 5 years, the team at WPPronto knows pretty much everything there is to know about running a fast WordPress site — and they’ve focused on making that speedy offering secure. In the words of their CEO, Mark Bailey,

As WordPress continues to explode in popularity, it becomes a bigger and bigger target. Of course, no one wants to have a site infected or blacklisted, or especially have client data compromised. We have multiple security systems in place, and we have been big proponents of two-factor authentication. We love Clef because they implemented two-factor authentication and single sign-on right! Other solutions are hard to set up and use, but Clef is easy and elegant!

We couldn’t be happier to have them as a part of Safer Hosts.

If you’re looking for fast, secure managed WordPress hosting, check out WPPronto right now — as part of their new launch, they’re offering everyone 50% off for 3 months of any plan.