Clef, a popular two-factor authentication service used by Magento eCommerce stores and WordPress sites has announced that its service will cease operation on June 6th 2017. It’s not clear why Clef is shutting down, but the company’s announcement states its employees will be moving to another company. It seems Clef – in spite of its popularity – failed to find a business model that could support its continued existence.
eCommerce merchants and site owners who use Clef should prepare to move to a different TFA provider as soon as possible.
Although there is no shortage of TFA plugins and services, Clef put the user experience front and center, offering an intuitive solution to the perennial problem of poor password management. Clef’s WordPress plugin has been installed over a million times, and its Magento extension has five stars on Magento Connect. The WordPress plugin has already been removed from the WordPress Plugin repository, and other integrations and mobile apps will be withdrawn in the lead-up to the service’s shutdown in three months.
Two-factor authentication is a key security measure for sites and stores that need authentication more robust than a simple username and password combination can offer. Brute force attacks are a constant threat to any online business, and sites with many users struggle to ensure they choose passwords intelligently.
Two-factor authentication services – including Clef – add an extra factor of authentication, often a one-time code generated by a mobile application. Without access to the secrets used to generate these codes, brute-force attacks can’t succeed. Sites are also protected against other password-based vulnerabilities, including leaked password databases and careless users who don’t keep their passwords safe.
It’s advisable for all sites and eCommerce stores to implement two-factor authentication. Those who used Clef have several options to choose from.
Users of Magento 1.X can move to Hostdedi’ Sentry extension, which, once installed, will require two-factor authentication for all administrative logins. Sentry integrates with many of the most popular two-factor authentication services, including Duo and Google Authenticator.
WordPress hosting clients who use the WordPress security plugin Wordfence might consider its built-in 2FA functionality or a dedicated plugin.
- Two Factor Authentication is a comprehensive TFA solution for WordPress. It can be used with Google Authenticator, Authy, and a number of other TFA services. Two Factor Authentication is thoughtfully designed and includes several features to simplify logging in for WordPress users, including graphical QR codes that can be scanned by mobile devices.
- The Duo Two-Factor Authentication plugin works with the popular Duo TFA service and offers one-tap authentication and one-time passwords delivered by SMS.
If you don’t use two-factor authentication, you’re missing out on a low-friction strategy that significantly reduces the chances that your site will be compromised.