Clef Two-Factor Authentication

Clef Two-Factor Authentication

Modern two-factor that people love to use: strong authentication without passwords or tokens; single sign on/off; magical user experience.

WPMeta Score

Did you know?

Plugin Popularity 3.3
Author Activity 2.5
  • ๐Ÿ‘ท๐Ÿป This plugin is actively maintained and contributors are really committed to it!
  • ๐Ÿ“ข Reliable plugin.. 59 total updates and 12 in last 12 months. That's great track record.
  • ๐ŸŽ– Excellent plugin. It's one of the Top 100 WordPress plugins here.
  • โค๏ธ Mindblowing! More than 913,440 people use plugins from this team.
  • ๐Ÿ‚ 56% of 900,000+ users are on the latest version.
  • ๐Ÿ“ฅ Seems like a popular plugin - 996 people download this plugin everyday.
  • ๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘งโ€๐Ÿ‘ง Good sign.. There is a team behind this plugin.
  • ๐ŸŽ‚ This plugin is going to celebrate it's 7th anniversary after 5 months.


The Clef mobile app provides passwordless two-factor authentication that is highly secure and enjoyable to use. Scan the Clef Wave to log in. Watch the 30-sec. demo.

Clef Login Features

  • No passwords: log in securely with the Clef wave, and enjoy two-factor protection without one-time codes.

  • No extra devices: use your smartphone instead of a “third device” such as a USB drive or security key.

  • Single sign on/off: Scan the Clef Wave once, then enjoy one-click sign ins for all subsequent sites. Also, sign out from all your sites with one-click any time, or set the timer to log you out automatically when you’re done working.

Clef Security Features

  • Strong authentication: Clef replaces passwords with the highly secure, tried-and-true RSA public-key cryptosystem.

    • Clef stores the encrypted private key on your phone rather than in a central database. Thus even in the unlikely event of a catastrophic security breach on Clef’s servers, your login credentials remain secure on your phone.
    • Every Clef login requires two identification factors: your phone and a fingerprint or PIN. So even if your phone is lost or stolen, your Clef profile and logins remain safe and sound.
  • Comprehensive login protection: Clef disables passwords for all three WordPress authentication points: Dashboard access, API access (XML-RPC), and password resets. Thus it protects WordPress's front door and back door against the full spectrum of password-based attacks:

    • brute-force and botnet login attacks
    • weak, leaked, and recycled passwords
    • sending login credentials in plain text via an insecure (non-SSL/TLS) connection
    • phishing attempts
    • account takeovers via email breaches

Plugin Configuration Options

  • Flexible password settings

    • Disable passwords for select WordPress user roles including custom roles.
    • Disable passwords for both the login script (wp-login.php) and the XML-RPC API (xmlrpc.php).
    • Accommodate users who do not have smartphones.
  • Shortcode support: insert Clef’s “login with your phone” button or the Clef Wave in any post, page, or text widget using the clef_render_login_button shortcode.

  • Standards-based compatibility: Clef’s WordPress plugin adheres to WordPress coding guidelines and is compatible with most mainstream plugins and themes.

  • Internationalization and localization support: Arabic, Danish, Dutch, French, German, Greek, Japanese, Latvian, Portuguese, Russian, Spanish. More translations on the way. Help translate Clef into your language.

  • Multisite network support

  • Helpful documentation and support