Clef Improves Two-Factor Online Authentication

By March 19, 2015
Clef Improves Two-Factor Online Authentication

In order to step up security on the Internet, the web giants have already been turning to two-factor authentication systems for login. Now Clef has developed a faster means of doing so, using your smartphone but without SMS.

At first sight it looks like a music player. However, the app developed by Oakland, California-based Clef enables fast two-factor authentication for enabled websites. As far as the user is concerned, everything happens between his/her computer screen and smartphone. First of all you enter your login information in an app on the web, and the app displays an animated wave form specially generated for your online session. Next, on your phone, you open a Clef app, identify yourself using a PIN code (or Touch ID on more recent iPhones) and then position your phone in front of the screen as shown in the company’s demonstration video. To date you can use the app to register on over 40,000 sites and disconnect from them. The Oakland startup set out to improve the level of security but wanted to keep the process really simple. This is perhaps the factor which most differentiates the Clef approach from traditional two-factor procedures based on SMS.

Clef from Clef on Vimeo.

Extra security provided by animated wave forms

Similar to other recent projects such as Knock – a solution developed for the iPhone that enables  you to get into your desktop or laptop computer just by rapping on the smartphone with your knuckles – Clef’s approach is to base the user recognition system on animation-plus-smartphone. The phone camera scans the wave form on the computer screen so as to verify that the person seated in front of it really is the user in question. The whole idea is to create a faster and more efficient substitute to sending codes by SMS. In fact the Clef verification method is based on accessing data on your phone rather than interacting with you via an SMS code, which means you can use it even when you do not have a cell signal, provided you are connected to WiFi. However, the main obstacle to widespread take-up of this approach is that action is required upfront by the owners of existing websites: site developers need to integrate the Clef plugin. The basic product comes free-of-charge to users initially, but there are also paid-for options.

Web players looking for an alternative solution, but which ?

Despite this drawback, many thousands of sites have already adopted the Oakland startup’s system. In fact a great deal has been written about the need to find a new model for web authentication and the number of solutions is growing. Among these, a Canadian startup has developed biometric authentication using your heartbeat. Other companies have been developing smart keyboards and wearables. Swiss eSecurity company WISeKey has developed a watch, the Wis watch, which can be used for identification on various sites.  However, like the Clef solution, these user authentication systems have not yet caught the eye of the web giants and so are having difficulty getting off the ground. At the present time, Facebook, Google, Microsoft and Apple use two-factor authentication based on SMS. So it remains to be seen which of these solutions – if any – eventually manages to win over one of the major players and then succeeds in catching on with large numbers of users.

Legal mentions © L’Atelier BNP Paribas