If you’re using any of the major e-mail services like Gmail, Yahoo, AOL, etc., you might have recently been asked to reset your password. Same goes with users of the latest versions of WordPress. A six digit password or PIN isn’t cutting it any more, as hackers with brute force attack strategies continue to plague the internet with stealing people’s accounts. Back on April 11, 2013, there was a massive such attack on WordPress sites alone.
So what’s the solution? As long as passwords remain the go-to method of validating one’s identity, longer and more complex passwords seem to be the solution. Brute force attacks rely on computers to randomly generate sequence of letters and numbers to figure out your password. It’s one of the important reasons not to use actual dictionary words or proper nouns as passwords. Instead, a long string combination of upper and lowercase letters, numbers, punctuation marks, and other non-conventional characters are recommended. A strong password should have at least 15 characters in it, have upper and lower case letters, and look and feel pretty random. Oh—and it shouldn’t be the same password at every site you use. So one for your e-mail, one for your bank account, one for your Amazon account… Are you getting dizzy yet?
The headaches are compounded when, after following the rules for a strong password, you wind up with a list of ones like:
- +Q@ ‘A|}66(.1+(f
Those are pretty strong passwords, but if you don’t write them down, you’ll have a slim chance of memorizing even one.
One solution to the password problem is to have a password manager or locker. 1Password, LastPass, MaskMe, and other online services store all your really strong passwords under one umbrella account. You just need to log in once to their services with a master password (hopefully a really strong one!), and they take care of things for you.
But even the strongest alpha-numeric password is potentially hackable.
This is why since last October, I’ve been using Clef.
A while ago, in an effort to thwart software piracy, publishers required computer users to use a hardware key in conjunction with a computer program. It usually took the form of a dongle that you would plug into a serial port that the computer would recognize and let you use your licensed and kosher program.
I hated those. So did a lot of other folks. But some publishers today still use such hardware devices to keep their software from being pirated (presumably, you could pirate the program, but not the hardware!).
At the same time, the idea of having a physical key instead of a virtual one is really effective. If you only have one key to your house, you’ll need a good locksmith to get in if you lose it. The same can go for your e-mail accounts, bank accounts, etc. The key though should be easy to acquire, install, and use. And this is the idea behind Clef.
Through some really cool technology, Clef allows users to login to their accounts using their SmartPhone, something most computer users already have. With the free Clef app installed, an account set up at Clef, and any Clef enabled website, you scan your login screen with something that looks like a seasick barcode reader. Line up the lines, and you’re logged in. No passwords to memorize. The phone does it all.
Not just that, but once logged in, you can set up a time limit that your account stays logged in. When the timer on your phone reaches zero, you’re logged out, even if you forgot to do so manually. What’s even better, once you’re logged into one account with Clef, you’re logged into all your accounts that are open in your browser.
Originally, Clef was designed to be used as a WordPress plugin. You install it on your site or blog, go into the settings area, scan the screen in your site, and you’re up and running. The set up is ridiculously easy.
And now, as reported in the New York Times, Clef has a new companion piece: Waltz. Waltz acts like the previously mentioned password managers, but adds the power of Clef and removes all the hassle of remembering alpha numeric passwords. The Chrome browser has a plug-in for Waltz which will allow users to login to Facebook, Gmail, Amazon… pretty much anywhere. And again, since you’re using your physical smartphone to login, the security is super-strong.
With a fantastic ease-of-use factor, really strong security, and a price tag of $0, it is wholly worth your while to check Clef out. They really know how to Make Tech Better, and get a super-strong endorsement from us.