Clef’s two-factor smartphone login service is being discontinued. What do I do now?

Image via TechCrunch

A few months ago, Clef—the service we use to provide super-secure login functionality on our clients’ WordPress websites—shared the disappointing news that it would be shutting down this summer. In light of that news, we have spent the past few months looking into the best alternative to the Clef login service.

At this time, our immediate recommendation is to deactivate and uninstall the Clef plugin and return to using a secure username and password combination to log in to WordPress.

If you are a Kestrel client receiving ongoing monthly support, the above will be taken care of for you. The next time you attempt to log in to your site, you will be shown a username and password login setup. Enter the credentials you used prior to Clef to log in. If you have since forgotten your username, password, or both, please add /wp-login.php?action=lostpassword to the end of your website URL (i.e. http://www.example-client-site.com/wp-login.php?action=lostpassword) to request a reset.

If you are not a Kestrel client receiving ongoing monthly support, we suggest reading the Clef team’s advice for transitioning away from Clef.

As always, we recommend using the strongest password possible (and one that is unique to your WordPress site). For tips on creating a strong password, read Google’s list of suggestions. Or, generate one automatically using Norton’s strong password generator.

If you have grown accustomed to the ease of logging in with your smartphone, you have the option to forego the username and password combination in favor of a different secure login app called UNLOQ. If you would like to proceed via this route, please send us an email and we will set up this configuration for you. Once UNLOQ is configured on your site, follow the below instructions to get set up:

Step 1. On your computer, go to the UNLOQ Registration page: https://unloq.io/register, insert your data and click SIGN UP

Step 2. On your computer, go check your e-mail and click Confirm my account:

After confirming your account, you’ll receive a Welcome message in your browser containing a QR code that you will use for activating your device.

In order for you to activate your device, you must first get the UNLOQ mobile app.

Step 3. Download the mobile app from the App Store or Google Play.

Step 4: Open the app and swipe left through the tutorial:

Don’t forget to Enable push notifications for the best authentication experience!

Next, you’ll have to set the PIN code for your mobile app. Later you will have the ability to switch to TouchID if you would like (iPhone users only).

Step 5: Pair your device to your UNLOQ account:

In your mobile app, click Scan setup code, point your phone at your computer screen, and scan the QR code generated at step 2.

That’s it! You have successfully set up your UNLOQ account.

Step 6 (optional, iPhone only): If you would like to switch from a passcode to TouchID, click the hamburger menu icon at the top left of your UNLOQ mobile app.

Next, tap Settings.

You can then choose either Pin or fingerprint, Pin and fingerprint, or Pin only.

Step 7: Log in to your WordPress site by appending /wp-admin to the end of your website URL (i.e. http://example-client-site.com/wp-admin). Then, select the UNLOQ tab at the top. You will be asked to enter your email and click Log In With Phone. You will then receive a notification on your phone requesting access. Either enter your PIN or scan your fingerprint, then tap Approve.

Voila! That’s all it takes!

As always, if you have any questions, don’t hesitate to give us a call. We’re happy to help!