Announcing True Logins
With nearly 50,000 sites protected by Clef, we have proved that thoughtful design can keep us safer online. I’m excited to announce another piece of our protection package — today we’re releasing True Logins, the first tool to protect against phishing attacks. Phishing attacks prey on ignorance and have been some of the hardest to combat since they take the user away from trusted sites. This is a security breakthrough and it’s only possible because of the incredible interaction design research happening at Clef.
Phishing is when an attacker disguises themselves and pretend to be another website. They might use faceboook.com or gmai1.com so you think you’re in a normal, safe place. Then, if you type in your password for the real site, they can steal your account. You’re not on the real site, so there’s nothing the real developers can do (except nag you about always checking yourself).
But telling users to protect themselves isn’t good enough. We can’t all be vigilant all the time, and so phishing continues to be a popular attack.
Clef is uniquely able to solve a problem like this because of our approach to security and our position across sites. At Clef, we know that good security has to be automatic, and that motivates the interaction design research that makes Clef magic. Because Clef credentials are decentralized and work across sites, we’re also uniquely positioned to solve the user problem, instead of just solving problems for one site. True Logins couldn’t come from anyone else because of the way the industry thinks about security, and the silos that have traditionally existed between sites.
True Logins add a simple check when you log into a new computer. After you sync the Wave, Clef temporarily redirects you to a safe site and your phone asks a simple question to confirm you’re in the right place. If anything is suspicious, Clef cancels the login and sends you to getclef.com where we can be sure you aren’t being phished. Otherwise, you’re logged in like normal and we remember the computer so you only have to do the extra step once.
As a company we’re focused on protecting Bitcoin and cryptocurrency sites that traditionally see a huge amount of attempted fraud. More daunting than protecting the sites themselves is the task of rebuilding trust with their users. A lot of security talk can be very technical and hard to understand, so even as we do more of the security work for our users, we’re always working to make the process more obvious and easier to understand. It is absolutely critical that we build trust with folks who don’t have any knowledge about the technology that powers a feature like this.
Updates for Clef with True Logins are in the iOS and Android app stores, so go upgrade and let us know what you think!