Just a question, Is waltz is the only system to use clef?? Just wondering.
I guess Clef created Waltz too ?
Topic: [ANN] Clef is secure two-factor authentication with no passwords or tokens - page 4. (Read 15221 times)
April 14, 2015, 02:10:17 PM
April 14, 2015, 08:36:41 AM
Bitcoin news site, Bitcoins in New York City now supports Clef login!
Check it out: http://bitcoinsin.nyc/
Nice to see Clef getting integrated in more and more Crypto related sites and tools. Way to go!
April 13, 2015, 08:00:57 PM
http://i.imgur.com/Co1SqPO.png
Bitcoin news site, Bitcoins in New York City now supports Clef login!
Check it out: http://bitcoinsin.nyc/
Bitcoin news site, Bitcoins in New York City now supports Clef login!
Check it out: http://bitcoinsin.nyc/
April 13, 2015, 07:08:07 AM
Could you check with koinify. I cant connect with Waltz and Koinify.
Thanks
Thanks
We suggest checking with Koinify first at [email protected].
April 12, 2015, 08:47:44 PM
Could you check with koinify. I cant connect with Waltz and Koinify.
Thanks
Thanks
April 12, 2015, 08:10:52 PM
Great Job Clef Team! Its working perfectly!
We are happy to be of help. Thanks for the feedback.
April 12, 2015, 07:54:15 PM
Great Job Clef Team! Its working perfectly!
April 12, 2015, 07:11:06 PM
We are glad to be able to help improve security on Koinify.com.
Best wishes to both the Koinify and Factom teams with their ongoing Software Sale!
Best wishes to both the Koinify and Factom teams with their ongoing Software Sale!
We thank you for making the login process on Koinify easier and for the support!
April 12, 2015, 06:40:51 PM
We are glad to be able to help improve security on Koinify.com.
Best wishes to both the Koinify and Factom teams with their ongoing Software Sale!
http://i.imgur.com/CKfrQHf.png
As featured on Bitcoinist.net
http://i.imgur.com/7hFexCS.png
Best wishes to both the Koinify and Factom teams with their ongoing Software Sale!
http://i.imgur.com/CKfrQHf.png
As featured on Bitcoinist.net
http://i.imgur.com/7hFexCS.png
Looks like there's some good connections being made. Looking forward to more!
Make sure you listen in the coming weeks for more great announcements
April 12, 2015, 03:48:30 PM
We are glad to be able to help improve security on Koinify.com.
Best wishes to both the Koinify and Factom teams with their ongoing Software Sale!
As featured on Bitcoinist.net
Best wishes to both the Koinify and Factom teams with their ongoing Software Sale!
As featured on Bitcoinist.net
Looks like there's some good connections being made. Looking forward to more!
April 12, 2015, 12:20:16 PM
We are glad to be able to help improve security on Koinify.com.
Best wishes to both the Koinify and Factom teams with their ongoing Software Sale!
http://i.imgur.com/CKfrQHf.png
As featured on Bitcoinist.net
http://i.imgur.com/7hFexCS.png
Best wishes to both the Koinify and Factom teams with their ongoing Software Sale!
http://i.imgur.com/CKfrQHf.png
As featured on Bitcoinist.net
http://i.imgur.com/7hFexCS.png
April 10, 2015, 07:49:17 PM
I did a little op-ed on clef, I hope you enjoy it
http://bitsofnews.net/more-than-just-an-authenticator/
http://bitsofnews.net/more-than-just-an-authenticator/
We appreciate the support bassguitarman, good read!
Are you planning to use or have been using Clef?
April 10, 2015, 04:04:57 PM
I did a little op-ed on clef, I hope you enjoy it
http://bitsofnews.net/more-than-just-an-authenticator/
http://bitsofnews.net/more-than-just-an-authenticator/
Nice article bassguitarman! Nothing like an outside review of a service. Cheers for that.
April 10, 2015, 01:45:14 AM
I did a little op-ed on clef, I hope you enjoy it
http://bitsofnews.net/more-than-just-an-authenticator/
http://bitsofnews.net/more-than-just-an-authenticator/
April 10, 2015, 12:46:29 AM
This is very good question that I am also having. Your online documentation only talks about public key cryptography and says nothing about where the private keys are stored and their security. I guess the phone is generating a signature using the private key.
Can you put more detail on how this is secure:
- How is the private key sandboxed? Since the phone is connected to internet , this is a concern for me. Other hardware devices like trezor or bank 2fa h/w devices are not connected to internet , so it feels safer to me
- Also I want to know, how are you getting enough entropy for the private key, is the implementation safe( We had same problem with other websites ). Can you open source this part
Good questions
The private keys are generated and stored on the phone -- on iOS we get to use hardware encryption and on Android we use PIN-based encryption (though we're considering using something like Rivetz here).
We use the standard system libraries for both platforms to generate the keys which offer plenty of entropy for this kind of usage (http://android-developers.blogspot.de/2013/08/some-securerandom-thoughts.html -- the SecureRandom patch of course happening after August 2013).
As for being Internet connected -- when we talk about theoretical security, an Internet-connected phone will never provide the same level of protection as a dedicated offline device. That said, dedicated devices as they exist today are all seed-based (and so must have a server counterpart that stores the exact same seed and which IS Internet connected as well as centralized). A key based, dedicated offline device is definitely possible, but the infeasibility of distributing them along with the increased burden of training people how to use them make them pretty farfetched for a broad audience.
Great. Good to know you guys have put enough thought into the security. Thumbs up for clef
April 09, 2015, 09:01:25 PM
That said, dedicated devices as they exist today are all seed-based (and so must have a server counterpart that stores the exact same seed and which IS Internet connected as well as centralized).
Do you know FIDO ? Devices are already available, cheap, extremely simple to use, and based on open standards.
April 09, 2015, 07:31:18 PM
This is very good question that I am also having. Your online documentation only talks about public key cryptography and says nothing about where the private keys are stored and their security. I guess the phone is generating a signature using the private key.
Can you put more detail on how this is secure:
- How is the private key sandboxed? Since the phone is connected to internet , this is a concern for me. Other hardware devices like trezor or bank 2fa h/w devices are not connected to internet , so it feels safer to me
- Also I want to know, how are you getting enough entropy for the private key, is the implementation safe( We had same problem with other websites ). Can you open source this part
Good questions
The private keys are generated and stored on the phone -- on iOS we get to use hardware encryption and on Android we use PIN-based encryption (though we're considering using something like Rivetz here).
We use the standard system libraries for both platforms to generate the keys which offer plenty of entropy for this kind of usage (http://android-developers.blogspot.de/2013/08/some-securerandom-thoughts.html -- the SecureRandom patch of course happening after August 2013).
As for being Internet connected -- when we talk about theoretical security, an Internet-connected phone will never provide the same level of protection as a dedicated offline device. That said, dedicated devices as they exist today are all seed-based (and so must have a server counterpart that stores the exact same seed and which IS Internet connected as well as centralized). A key based, dedicated offline device is definitely possible, but the infeasibility of distributing them along with the increased burden of training people how to use them make them pretty farfetched for a broad audience.
April 09, 2015, 02:16:05 PM
started using Clef and noticed that the app logs me out of everything when I'm asleep - it's a good feature and yea I know I should log out of everything when I leave the site but apparently I forget.
April 08, 2015, 05:32:06 PM
Decentral Talk Live Ep #67: Brennen Byrne of Clef
Clef's CEO interviewed by Decentral.TV Talk Live during the 2015 Texas Bitcoin Conference.
Clef's CEO interviewed by Decentral.TV Talk Live during the 2015 Texas Bitcoin Conference.
Nice vid, it's good to see the faces behind Clef.
April 08, 2015, 05:11:05 AM
I think the project is pretty cool. What I like is a function to backup your data. For example if I would lose my phone with Google Authenticator, I could never access my funds on an online wallet like blockchain.info again...
Jump to: