The Best Clef Faces of the Week

Share Your Reaction GIFs and Win Clef Swag

We have had a lot of fun seeing the Reaction Gifs from our users so far. We want to see even more of our fans reactions when they use Clef to login into their favorite sites.

To participate all you need is to login to a website which supports Clef 2FA and you will be prompted to record your own reaction. You can try multiple times until you are happy with your GIF. Then simply use the buttons provided to share on our Twitter and Facebook.

Current Bitcoin Space Partners






More to come. STAY TUNED!

You can also do it from the website by going to:

Click on “Login with Clef”.

Click “Share a custom GIF of your reaction to Clef” at the bottom of the next window.

Then simply share your reaction with one of our social platforms (or both) to enter.

We continuously monitor all entries shared with us, we retweet, favorite, and like them. Each week on Friday we will choose one winner for the best submission. We will contact the winner via PM on Twitter or Facebook and ask for an email address. Make sure to follow us on Twitter and like us on Facebook so we can send you a PM. The winner will receive a Clef T-Shirt and Stickers.


square sticker


rectangle sticker





Below are some examples taken from the submission we received so far.

VOHVgu5 SglXWRg Oe0BvsY dzMZ1f0





We look forward to see your Reaction GIFs, go wild!

Clef and BitSpark: an update

Last week was amazing. We launched two new Bitcoin integrations, BitSpark and Ziftr, and were overwhelmed with the positive response from our community. Thousands and thousands of people logged in and sent us (and the rest of the world) a strong message: people want Clef in more places and they want it there now. We’re excited to have more integrations launching in the next few weeks to fulfill that desire, so stay tuned.

Unfortunately, the week was not perfect. Our launch with Bitspark had some issues, so we wanted to take the time to explain to our community what exactly happened, what our response was, and how we’re going to do better moving forward. Before we dive into the details, we want to make one thing clear: the issues we faced were specific to the way the Bitspark integration was done and did not impact the security of Clef or any other integrated sites.

What happened?

On Monday morning, we launched the BitSpark integration. To promote the launch, we sent an email to a segment of our users offering a 2500 bit (~75¢) reward to the first 1,000 users who logged in to BitSpark with Clef. This email, combined with some in-app experiences that drive users towards new sites that use Clef, sent a very high number of users to BitSpark within the first hour. Under the heavy load, the BitSpark website was intermittently down and our service was temporarily degraded. We quickly scaled up our infrastructure and things stabilized.

As our systems stabilized, we noticed a peculiarity with the Clef login to BitSpark: certain users who were logging in with Clef were being inadvertently shown user information that did not belong to them. We initially thought this was dummy information, but with the help of our users, discovered that it was actually information from a early BitSpark user. There was no ability to change this user’s information, withdraw balances, or do any financial damage, but the exposure of personal information was more than enough for us to be concerned.

When we realized that certain users were gaining access to the user information of another BitSpark user, we immediately shut down the Clef integration with BitSpark from our end. Any user who tried to log in with Clef (old or new) was greeted with a message saying the BitSpark integration was temporarily disabled and that we were investigating the issue. As soon as the integration was disabled, we began working with the BitSpark team to figure out what exactly went wrong and how best to proceed.

What was the issue?

After a thorough investigation, we identified the issue and began working with Bitspark to resolve it. The issue was specific to the way the Bitspark integration was done and did not impact the security of Clef or any other integrated sites.

When a user logged in to BitSpark with Clef, our APIs returned a response that correctly identified the authenticated user and securely provided their information. After that response was returned to Bitspark’s internal APIs, however, a logic error in their integration code caused certain users to be misidentified as an early BitSpark user and they were given access to that user’s information. The Bitspark team was quick to find the error, correct the logic, and deploy a fix. While we obviously would have preferred the integration issue to have never happened, their response was outstanding and we’re proud to have them as a partner.

What was our response?

For the last week, we’ve worked diligently with the team at BitSpark to resolve the issue and get things back up and running. Within 24 hours, we had Clef logins working perfectly; however, their full transition to doing remittances only has slowed down deployment of the fixed integration. Because Bitspark is based in Hong Kong and we are based in Oakland, things have taken a little longer than we’d like to ramp back up: while we hoped to have everything resolved in a few days, it has now stretched to a little more than a week. We’re still working with Bitspark to get Clef logins re-deployed and are hoping to have it done by early next week.

How are we going to do better in the future?

At Clef, one of our core values is to Be Better Today Than Yesterday. We’ve been working hard internally to to figure out how we can prevent an issue like this from happening in the future (and respond better if it does). To that end, we have two core improvements that we’ll be making in the coming weeks & months:

1. We are instituting an Integration Audit Program that will ensure Clef integrations are done correctly and prevent issues like this. With hundreds of integrations every day, we can’t do this for every website; however, all large site launches will be audited and if you’re interested in having our engineering team audit your integration, you can send us an email at

2. We did not do as good job as we should have communicating with our users what was going on as we worked to resolve this issue. In the future, we will give updates on critical events at a minimum of every 24 hours until we are able to write a full post-mortem.

Collecting the Bitcoin reward

When we promised 2500 bits to the first 1,000 people to log in to Bitspark with Clef, we were hoping to be able to distribute the rewards within the first 24 hours after logging in. Unfortunately, these issues complicated that distribution process and we’ve had to keep our users waiting. We are working with Bitspark right now to get the wallet addresses for the winning Bitspark accounts created with Clef and will be transferring the 2,500 bits in the next few days (at which point login with Clef will be redeployed). We’ll be sending a follow-up email when we’ve transferred the bits. We’re really sorry for this delay – we can and will do a better job communicating what’s going on in the future.

Thank you

Clef is much more than just a product to replace passwords. We have 70,000+ websites that rely on our platform, and users all over the world who trust us every day to keep them safe. At every opportunity, we strive to build an organization and community that upholds our values and fulfills the promise of easy security for everyone. Experiences like this show us how we can improve and we promise to always be better.

Thank you for your support!

Ziftr is Revolutionizing Shopping — Without Passwords

Clef continues to spread among Bitcoin/cryptocurrency companies today as you can start using Clef to log in to ziftrPAY, a credit card payment platform. E-commerce is an important place for cryptocurrency to gain adoption, and Ziftr is building all of the critical pieces of infrastructure to make it work. We believe in the huge potential of ziftrPAY and are excited for Clef users to try it out!

ziftr logoziftrPAY is a next-generation payment platform and customer loyalty program that allows merchants to accept credit cards and multiple cryptocurrencies. It offers merchants tokenized security, reduced transaction fees, volatility risk protection, batch payouts and more. As part of the customer loyalty program, ziftrPAY merchants will receive free ziftrCOIN digital coupons to give to their shoppers to incentivize them to use cryptocurrency, a low-cost, low-risk alternative to credit cards.

“With ziftrPAY, we’re creating a simple, secure shopping experience for merchants and shoppers, so it makes perfect sense for us to incorporate two-factor authentication from a company that also values simplicity and security. This partnership with Clef brings together two innovative companies that are reinventing user experiences and making waves in our respective industries.”

— Bob Wilkins, CEO of Ziftr

Getting shoppers to create new passwords when they check out is really difficult for traditional e-commerce stores, but Ziftr is using Clef to make the experience much more seamless for their stores. This can help stores keep more of their customers coming back and directly contribute to their bottom line.

At Clef, we really believe in the power of cryptocurrencies and making them easier to use, and Ziftr fits perfectly with our vision. That’s why, as a part of this partnership, we’ll also be using ziftrPAY for payments from the sites that use Clef’s premium tiers. We’re impressed with the tools Ziftr has built and are excited to be using them ourselves.

Go to and use Clef to log in now!

Bitspark: Your Bitcoin Gateway, Now Without Passwords

Awesome update! Today you can start using Clef to log into Bitspark, a Bitcoin exchange that is also the first company in the world to offer end to end Bitcoin remittances. Over the past three months, Clef has been spreading quickly through the Bitcoin ecosystem and is already overtaking some of the more entrenched incumbents. Bitspark is a leader in making Bitcoin more accessible and we’re really excited to be working with them.

BitsparkBitspark offers two really interesting services — an exchange and a remittance service. The exchange supports 18 currency pairs and 5 fiat currencies and the remittance service works for Hong Kong, Philippines, Indonesia, and Australia.  Backed by the Hong Kong government incubator Cyberport, Bitspark has focused on making strong security really simple for their users. They’ve partnered with BitGo to provide multi-signature wallets to all of their customers, their exchange is based on audited, open source code, and they keep real time proof of their reserves.

“From the first time I saw someone login with Clef, I knew that this was the future of logging in. Our whole team got excited about the technology and the integration was really quick.”

– George Harrap, CEO of Bitspark

That nicer user experience actually makes a big difference. Typically, sites that offer two-factor authentication see fewer than 1% of users opt in to protect their accounts, but sites that use Clef have seen more than 50% of their users opt in to the safer login.

When we think about the next generation of Bitcoin technology, Bitspark is exactly the kind of product that gets us excited. It is absolutely critical that we find ways to make Bitcoin useful to more people, and I’m excited that Clef can help make that happen.

Go to and try Clef out there right now!

True Logins

Announcing True Logins

With nearly 50,000 sites protected by Clef, we have proved that thoughtful design can keep us safer online. I’m excited to announce another piece of our protection package — today we’re releasing True Logins, the first tool to protect against phishing attacks. Phishing attacks prey on ignorance and have been some of the hardest to combat since they take the user away from trusted sites. This is a security breakthrough and it’s only possible because of the incredible interaction design research happening at Clef.

Phishing is when an attacker disguises themselves and pretend to be another website. They might use or so you think you’re in a normal, safe place. Then, if you type in your password for the real site, they can steal your account. You’re not on the real site, so there’s nothing the real developers can do (except nag you about always checking yourself).

But telling users to protect themselves isn’t good enough. We can’t all be vigilant all the time, and so phishing continues to be a popular attack.

True LoginClef is uniquely able to solve a problem like this because of our approach to security and our position across sites. At Clef, we know that good security has to be automatic, and that motivates the interaction design research that makes Clef magic. Because Clef credentials are decentralized and work across sites, we’re also uniquely positioned to solve the user problem, instead of just solving problems for one site. True Logins couldn’t come from anyone else because of the way the industry thinks about security, and the silos that have traditionally existed between sites.

True Logins add a simple check when you log into a new computer. After you sync the Wave, Clef temporarily redirects you to a safe site and your phone asks a simple question to confirm you’re in the right place. If anything is suspicious, Clef cancels the login and sends you to where we can be sure you aren’t being phished. Otherwise, you’re logged in like normal and we remember the computer so you only have to do the extra step once.

As a company we’re focused on protecting Bitcoin and cryptocurrency sites that traditionally see a huge amount of attempted fraud. More daunting than protecting the sites themselves is the task of rebuilding trust with their users.  A lot of security talk can be very technical and hard to understand, so even as we do more of the security work for our users, we’re always working to make the process more obvious and easier to understand. It is absolutely critical that we build trust with folks who don’t have any knowledge about the technology that powers a feature like this.

Updates for Clef with True Logins are in the iOS and Android app stores, so go upgrade and let us know what you think!

FastComet joins the Safer Hosts program

fastcomet-clef-blogI’m super excited to announce that FastComet is now a part of Clef’s Safer Hosts program. In joining the program, FastComet is installing Clef by default for all of their shared-hosting customers — adding better security by default to their SSD cloud hosting.

FastComet is a US based web host that powers websites for thousands of customers all over the world. After seeing Clef in a CloudFlare presentation on web security, they got in contact about protecting their customers. In the words of Daniel Lee, FastComet’s Director of Partnerships,

As a hosting provider, one of our primary goals is to keep our customers protected from malicious activity on their websites. Clef is an easy-to-use solution that keeps everyone safe.

After joining Safer Hosts, FastComet took things to the next level. They created three awesome tutorials on setting up Clef for different platforms: WordPress, Joomla, and Drupal. Totally awesome.

We’re super excited that FastComet is joining us in making good security the default.

If you’re in the market for fast SSD-based cloud hosting for any platform, check out FastComet.

New year, new look

By any measure, 2014 was an incredible year for Clef. We started the year powering logins on a little over 100 sites and ended it on more than 30,000. We hosted 50 Clef Cooks dinners in Oakland and we raised $1.6m to fight passwords.

We’re starting 2015 in a brand new office and with a bunch of incredible new teammates (our team is already 7 people)! But we’re just getting started and today we’re unveiling a new logo for Clef to bring us into the new year.


The Clef Wave is at the very core of what we’ve built with Clef and we want to embrace that in our logo and brand identity. The Wave is who we are and we wanted that to be reflected in how we presented ourselves. You’ll see this changing everywhere you’re used to seeing Clef — our app icon on your phone, the login screens where you use Clef, and across our website and social media accounts.

We’ll have new t-shirts and stickers soon that we’d love to share with you! Send us a note on Twitter (@getclef) or email (support at getclef dot com) and we’ll send them your way once they’re ready. 

We’re also announcing a new feature — offline logins. Until now, it was impossible to log in with Clef if your phone wasn’t connected to the Internet. This doesn’t happen a lot, but it’s annoying for folks who are travelling or trying to log in on airplanes. Logging in offline looks just like a normal online login (you scan the Clef Wave like always), but then you turn your phone’s screen around and show another animation back to the computer.

It’s pretty cool. If you want to try it out, you can put your phone in airplane mode and log in anywhere that uses Clef!

We have an incredible year ahead of us with many more exciting announcements coming soon. Stay tuned :)

A bigger, better Clef

Clef is two-factor authentication from the future (learn more here). We’re excited to announce raised $1.6m from Morado Ventures and some amazing angels led by Raj Mehta to help us build the company we love, solve two-factor authentication, and kill passwords. 

Until very recently, Clef consisted of three people — Mark, Jesse, and I (Brennen). For the last two years, we’ve been on a mission to kill passwords and we’ve built an amazing product to do it. We launched in June of last year and have been living, breathing, and dreaming Clef ever since.

Along the way, we’ve been extraordinarily fortunate to find communities that have welcomed us. With their support, we’ve grown from less than 100 sites using Clef at this time last year to more than 16,000 today. In WordPress, we’ve blown away every other two-factor authentication option by focusing on what we do best: creating a beautiful login experience that delights instead of frustrates. We could not be more proud of, or grateful for, everything that has happened so far.

But we’re not finished yet: we have huge goals and miles to go before we sleep. To help us achieve those goals and build the company we love, we’ve raised $1.6m from some incredible investors, including Morado Ventures and a group of wonderful angels led by Raj Mehta.

In the next year, we’ll continue rapidly expanding our presence in platforms like WordPress, but we’ll also be adding a new focus: Bitcoin. As cryptocurrencies are adopted by everyday Internet users, an important challenge arises: how can we keep users who refuse to use traditional two-factor safe? Clef is the answer. We’ve built the best two-factor in the world and as passwords die, we’ll keep Bitcoin users safe with an experience they love.

We announced a few weeks ago that Laurence had joined the Clef team to help with support and today I’m happy to announce two other hires: Darrell Jones III will be joining us in December to do business development, and Sasha Heinen will be joining us in January to build our apps. Darrell is a force of nature we were all inspired by in college and Sasha is one of the best engineers I’ve met.

As we grow, we’ll never lose sight of the many people and communities that helped us on our way. To everyone who has supported us: Thank You. We are so grateful for your support.

To celebrate, we’d like to extend an (always open) invitation to our 67th weekly community dinner in Oakland. Swing by our office anytime after 6:30, enjoy some home cooking by Mark, Jesse and I, and celebrate the beginning of a new era in Clef’s life.