Clef Two Factor Authentication Shutting Down – What Now?

As mentioned on the Clef blog this week – the widely used two factor authentication tool will soon be closing down. The final closure date for Clef is set for June 6th and any users will need to have found an alternative before that date.

With over a million active users of the Clef WordPress plugin, we naturally have quite a few clients using this system on our WordPress hosting platform – and we wanted to take a brief moment to suggest a suitable alternative. At this time we’re recommending either of the two following plugins for WordPress two factor authentication:

Google Authenticator
Google Authenticator is a plugin, that uses the Google Authenticator app which is made by the good people at Google, this system is widely used around the Internet. Google Authenticator requires you use an app on your smart phone to generate a unique code. This code is then used with your admin password when you login to your WordPress dashboard.

Two Factor
Another option we recommend if you don’t want to use a phone app. If you use Yubikey (physical authentication), email, Google Authenticator, or other different authentication methods this is a great solution.

If you’re not already using such a system, you might be asking: what is two factor authentication? At its core, 2FA requires a user combine two components of identity in order to access a secure system. A great example of this is using a cash machine: you need both your physical card and also a pin number to access your account. Either is useless without the other. Someone trying to compromise your account would be unable to do so if they possessed only one of these. Two factor authentication makes security much harder to beat.

Take the same logic and apply it to your website, and you might begin to realise the problem – most users only have a password field between their sensitive site areas and would be attackers. If your password is broken or stolen, there’s nothing stopping hackers doing their worst. Imagine just having a cash machine card and no matching pin?

At we offer 2FA for our own control panel login should you wish to set it up. Hint: you should do this ASAP! By enabling 2FA on your account login you’re making the foundations of your overall security stronger. Remember, if someone can access your main login, they can edit your email details and with those, more than likely unlock every other security component you have in place.

For any advice on 2FA, simply contact our support team and we’ll be happy to advise.

Stuart Melling

Hi! I am the the co-founder of and Business Development Director; I've been at this hosting lark for more than twenty two years, ulp.. I oversee multiple areas of our business to ensure products and services are meeting our customer's needs. You can get in touch over on LinkedIn or replying to any of most posts. In my spare time I am exceptionally interested in food and drink, I run several food website and am a multi-award winning, food and drink writer.

1 Response

  1. We here at Intercede have just launched an alternative strong authentication solution, “RapID Secure Login” that is really easy to use. It uses a mobile app to scan a QR code, which is signed with a private key on your phone as second factor. It uses different anonymized credentials for every site/account and supports fingerprint or PIN.
    Ease of use, privacy and security are as good as or better than Clef. It uses direct signature verification too, so no call out to 3rd party servers during authentication. Take a look!

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment