Touch ID for Clef

From the moment we started working on Clef, we’ve been driven by the philosophy that the only security that matters is the security you actually use. If it’s too hard, we won’t use it, regardless of its level of security. That’s why the majority of Americans have never used traditional two-factor, and why we reuse weak passwords even when we know better.

Making the Internet more secure means baking security in by default. It also means crafting an experience so intuitive that people don’t need to second guess whether they are taking the right steps to keep themselves safe online.

That’s why we’re pleased to announce that you can now use Touch ID instead of a PIN to unlock the Clef app on your phone.

Farewell PIN

Touch ID for Clef

We’ve worked hard to make Clef the best two-factor authentication in the world. But every time we opened up Clef on our phones, we were greeted by the PIN, a necessary evil to keep Clef accounts safe from phone thieves.

When you enable Touch ID, logging in with Clef is as simple pointing the app at your computer screen. You’ll still need to remember your PIN if you want to activate Clef on a new device, but it’s a step closer to our vision — a seamless login experience where your phone does all of the hard authentication work for you.

Touch ID is available on iOS 8 for the iPhone 5S, iPhone 6 and iPhone 6 Plus. We think you’re going to love how fast and easy it is.

Say Hello to Laurence!

On August 7th, 2013, I received a fateful email, though I didn’t know it at the time. In response to a survey about using Clef for payments[1], I got a very well thought out answer from a user named Laurence.

Dear Jesse,

I’m excited to hear about the progress on payments. Go Clef!

To your questions:

… 400 words …


While we didn’t end up pursuing payments, this email started a relationship that today takes a new turn. Laurence has been a Clef user from the start and one of our most vocal advocates. That’s why we’re so excited to announce that he’s joining our team as our Head of Support.

If you’re looking for help with Clef, and you run into Laurence, make sure to give him a warm welcome!

How to fix “Problem with the SSL CA cert (path? access rights?)” error

Note: if you’re not seeing any issues, there’s nothing to worry about!

Last week, the shellshock vulnerability in bash required an update that has temporarily broken SSL for many servers running PHP around the web. For the Clef for WordPress plugin, this is an issue because the secure login handshake happens over an SSL connection with the Clef servers.

To resolve the issue, you’ll need to restart Apache (or nginx). If that doesn’t fix the problem, you’ll need to restart your entire server.

Once you’ve done that, HTTP request over SSL will work normally and you’ll be able to log in with Clef.

If you have any questions about the issue, or need help getting it resolved, don’t hesitate to join our support room or email us at

Koomohost joins Safer Hosts


We’re very excited to welcome the newest member of the Safer Hosts program: Koomohost. As a Safer Host, they’ll be installing Clef by default in their WordPress hosting plans — from the moment you set up a new site, you’ll be protected by Clef’s easy, secure, beautiful two-factor authentication.

Simple, beautiful hosting

When I was introduced to Koomohost, I was blown away by their simple, friendly approach. I literally started the first email exchange I had with Anthony, Koomhost’s founder, with the following statement:

Koomohost looks awesome (love your clean site design).

Seriously — go check out their website and product. They launched in 2009, powered by Amazon Web Services, and have built a secure, performant, reliable hosting option, with a end-user experience that is unbelievably beautiful and easy-to-understand.

Taking security seriously

Koomohost has taken security seriously from the start, but as WordPress has grown in popularity, they started looking for other companies that could help bolster their platform. In the words of Anthony,

We found quite a few during the past year and it has made an immediate impact for our customers.  It is quite nice to get an email from a customer thanking us for our services, because they see their friends/colleagues sites going down due to a hack or performance issue. 

When we saw Clef, it made sense!  Give up passwords and use the Clef Wave to login!  It would make our jobs easier and add another protective layer. We were having a problem with one of our own projects and despite every effort to defend it, we were still getting alerts of BruteForce attempts.  After installing Clef, we have zero incidents.

We’re so excited to have them as a member of Safer Hosts!

If you’re looking for secure, fast, reliable hosting that’s easy-to-understand and use, go sign up for Koomohost.

From 1,000 to 100,000

363 days ago, Mark, Brennen, and I received a kind email from one of our earliest users. At the end of that email, they pointed out that our WordPress plugin was approaching 1,000 downloads in the plugin repository:

Speaking of, have you noticed that you’re steadily crawling toward 1K downloads—nice work!

Since that day, the three of us have worked tirelessly to make Clef a permanent part of the WordPress community. We’ve poured thousands of hours into building a better product, we’ve sent and received more than 20,000 support emails, we’ve attended and spoken at WordCamps all over the country,  we’ve found amazing friends and supporters, and we’ve helped tens of thousands of users keep their sites safe while forgoing the painful burden of passwords.

Yesterday, we crossed 100,000 downloads of Clef’s plugin for WordPress.

Our journey to this point has not been easy — there have been plenty of tears, sleepless nights, dreams of failure, and mistakes — but we could not be more proud of what we’ve accomplished. WordPress is one of the most empowering tools on the web, surrounded by a beautiful, diverse, supportive community, and working to make it better has been a dream for us.

In the year ahead, we’ll be expanding our team and improving the product, but we’ll never lose sight of where we started.

WordPress, we love you — thank you for the warm welcome.


The Clef plugin for WordPress brings secure, simple, passwordless two-factor authentication to any WordPress site. Download it here!

Welcoming WPPronto to Safer Hosts

Master-white-bgToday, I’m super excited to announce the newest member of Clef’s Safer Hosts program: WPPronto. As part of the program, they’ll be including Clef as part of their default managed WordPress install — with WPPronto you’ll be protected by Clef’s secure, beautiful two-factor authentication from the moment you set up your site.

Who is WPPronto?

If you haven’t heard of WPPronto, you almost certainly know the company by their former name: WPCDN.

Started in 2009 as the first content delivery network built specifically for WordPress, they’ve been powering high-performance sites since the beginning. While their hosting services began as a secondary-offering, in the last few years it’s become their most popular service.

As a result, they decided to shift their primary focus to providing fine-tuned hosting for WordPress. They relaunched as WPPronto last week and it’s awesome.

Speed and security

After running a CDN company for 5 years, the team at WPPronto knows pretty much everything there is to know about running a fast WordPress site — and they’ve focused on making that speedy offering secure. In the words of their CEO, Mark Bailey,

As WordPress continues to explode in popularity, it becomes a bigger and bigger target. Of course, no one wants to have a site infected or blacklisted, or especially have client data compromised. We have multiple security systems in place, and we have been big proponents of two-factor authentication. We love Clef because they implemented two-factor authentication and single sign-on right! Other solutions are hard to set up and use, but Clef is easy and elegant!

We couldn’t be happier to have them as a part of Safer Hosts.

If you’re looking for fast, secure managed WordPress hosting, check out WPPronto right now — as part of their new launch, they’re offering everyone 50% off for 3 months of any plan.


9th Node Networks joins Safer Hosts

We’re really excited to share that 9th Node Networks is now a member of Safer Hosts. As a member of the program, they’ll be letting users install Clef as part of their default WordPress install — helping us make better security the default for the masses.

If you haven’t heard about 9th Node Networks, it’s probably because they’ve been too busy taking amazing care of their customers. Based in Colorado Springs, CO, they’ve been providing top-tier web hosting services since 2008. In the words of their founder, Aaron Ditto:

We at 9th Node are continually looking at ways to improve security for our customers, and help protect them from online attacks. With the rise of cyber attacks increasing every day, we’ve grown familiar with over a dozen other tools to help protect our clients sensitive data. Clef helps simplify not only the login process and management of passwords for hundreds of websites at one time, but instantly helps protect against common brute force and other password breaking techniques on WordPress based websites.

Adding 9th Node Networks to the Safer Hosts program was a no-brainer — and we’re only just beginning. In the coming months, we’ll be working together to release some exciting plugins that bring Clef to new platforms. We couldn’t be happier to have them as a partner.

If you’re looking for awesome, personal hosting, check out 9th Node Networks here.

Raid Host joins the Safer Hosts program

Today, we’re happy to announce that Raid Host is part of Clef’s Safer Hosts program. As part of the program, Raid Host is letting users install Clef by default in their standard WordPress setup process!

For those who don’t know, Raid Host is a UK based web host with thousands of customers worldwide. They provide affordable hosting with a focus on reliability, flexibility and security. Since Raid Host serves customers’ websites in isolated virtual file systems, customers can rest assured that their sites are protected and other compromised sites will never affect their own.

We talked to Raid Host’s Director of Infrastructure, William Eccles, about why Clef’s security matters to them:

Passwords can be cracked, “brute-forced” or even shared among many websites. Clef is the perfect solution for these weaknesses.
As a web host, if an account is breached, we often need to help restore the account and stop spam from being sent. Clef protects the customer, and results in less sysops work for us.

We are so pleased that Raid Host is joining us in making good security the default.

If you’re looking for an affordable host that cares about security from top to bottom, check out Raid Host’s shared hosting plans here.

Announcing Clef for Joomla

joomlashareableToday, we are so pleased to announce that the secure, easy experience of logging in with Clef is now available for Joomla, one of the largest content management systems on the web. You can download the free extension for your Joomla sites here.

Why Joomla?

Joomla is the second largest platform for building websites behind WordPress and powers over 30 million websites. Its ubiquity makes it a high profile target for hacking and defacement especially since hacked sites can be added to a zombie army that attacks even more sites across the web.

As we’ve improved our WordPress plugin, many users have asked us for the same pain-free, secure login experience for Joomla. Joomla administrators often manage many Joomla sites at the same time, and maintaining strong password habits with so many accounts becomes a major frustration. It’s been in our timeline for a while, but we wanted to make sure that we could offer the same elegant, one-click installation process as WordPress.


Lucky for us, a few months ago, Scott Offord connected us with Anything Digital, a premier Joomla company run by Vic Drover, who also volunteers as treasurer of the foundation behind Joomla. They love Clef and build amazing extensions with an eye for security like Watchful and sh404SEF, so it was a natural fit. With our guidance, they’ve built a seamless Clef experience for Joomla with all the same features you’ve come to expect from our WordPress plugin. In addition to easy administrator login, Clef for Joomla supports Clef logins for your site’s regular users out of the box. You can download it here.

We’re so excited to have great developers building on our platform and making Clef available for more people in more places. Between our work with developers and hosts, we’re proud to be making good security the default for the web.

You can download the free Clef extension for Joomla here.

Protecting millions of WordPress users by default


Four weeks ago, we announced Safer Hosts, a program to encourage hosts to enable two-factor logins for their customers. Today, we’re excited to announce the founding members: SiteGround, RaidHostArvixe, and 9th Node Networks.

As part of the program, we’ll be featuring these hosts as preferred and letting them offer easy, secure two-factor authentication for free to every one of their WordPress customers. Clef will be bundled with WordPress installs for new customers and existing customers will have the opportunity to add our technology with a single click.

These companies provide hosting for millions of customers and we are very excited that they are taking concrete steps to make good security the default.

SHIP’s largest founding member

Over the next few weeks, we’ll be taking an in-depth look at every new member of SHIP, starting with one that we’re really excited to have on board: SiteGround. To celebrate, SiteGround is offering a 70% discount to Clef customers through this link.




SiteGround is one of the largest hosts in the WordPress community: they manage more than 300,000 domains across multiple platforms and are well known for sponsoring WordCamps around the world. Founded in 2004, they have become legendary for their simple security and outstanding support.

We first met the SiteGround team at WordCamp Chicago; they were a sponsor and our CEO, Brennen, was giving a talk on the security problems with passwords. After a long conversation at the speaker’s dinner, we realized that they shared one of our core goals: a desire to make more of the web secure by default.

Two weeks later, we were excited to bring them on as one of the founding members of SHIP — they’ll be making Clef available with every new WordPress installation, giving users easy, secure, free two-factor authentication from the get go.

We take security extremely seriously and have always had a very proactive approach to creating our own security systems to give our customers the peace of mind that their sites are safe and secure with us. We are also constantly building and looking for tools that can make the user experience of our customers as easy as possible. Clef 2-factor authentication is definitely something that improves login security and given the growing requests from our existing clients, we are now pleased to partner with Clef and have it available for all SiteGround clients.

- Reneta Tsankova, Chief Operations Officer at SiteGround

With SiteGround as a member of SHIP, the web is a safer place. To learn more about SiteGround, you can sign up for a 70% discount on your first year of shared hosting here.

Get 70% off SiteGround

Only the beginning

We’re so excited by the amazing response we’ve gotten to SHIP: in just a few weeks, we’ve partnered with five of the best hosts on the web to protect more of their customers by default.

But this is just the beginning. We’re determined to protect all of the web, by default, and we’ll need your help to do it.

If you’re a host who wants to keep your customers safe, get in touch about being a preferred host here.

If you’re a customer that wants a safer web, tweet at your host below and tell them to join SHIP!