Home / Security / How To Choose A Clef Two-Factor Authentication Alternative

How To Choose A Clef Two-Factor Authentication Alternative

WordPress, Joomla and Drupal users recently received some disappointing news as one of the most popular two-factor authentication solutions, Clef, announced that they are shutting down their operations on June 6, 2017.

What Is Two-Factor Authentication?

Two-factor authentication offers an extra layer of security in addition to the traditional username and password method of logging into an account. This makes it more difficult for hackers to gain unauthorized access to user accounts. You’ve likely used two-factor authentication and may not even have realized it. Anytime you are required to enter a pin or answer a security question (like your mother’s maiden name) when logging into an account, you are using a form of two-factor authentication.

Many solutions will send a one-time passcode to the user’s smartphone that is required to log into the account. This means that even if a hacker is able to crack the username and password, they will be unable to log into the account without access to the user’s smartphone.

In recent years, solutions like Clef have taken two-factor authentication security measures to another level. Clef was particularly popular because all you needed to do to log into your site was open the Clef mobile app and use your phones camera to sync up with the Clef Wave animation found on your computer.

Clef Alternatives

Even though Clef was a popular two-factor solution, particularly for WordPress, there are plenty of alternatives to consider.



Setting up Duo two-factor authentication for your site only takes only a few minutes to. All you need to do is sign up for the Duo service and install the plugin on your site. Duo offers both one-tap authentication through the use of Duo’s mobile app as well as one-time passcodes.



Authy is designed to make security especially easy, even for users who are running their first WordPress site. They know that security shouldn’t be painful. Authy provides you with a security token through text messaging or by a phone call. Use this code, in addition to your username and password, to log into your account.



miniOrange may be one of the more flexible two-factor security solutions available. It supports one-time SMS passcodes, push notifications and mobile authentication. miniOrange offers a free plan as well as more advanced plans with additional features and support.



Rublon is a popular solution thanks in part to offering authentication via email, in addition to the traditional phone option. Just scan the Rublon code generated on your login screen with your phone to confirm your identity and access your account. Add Rublon to your site with ease with it’s 1-click download and 1-click activation.

How Safe Is Two-Factor Authentication?

You may have read about a few documented incidents where an SMS code can be intercepted. In reality, two-factor makes site attackers lives extremely difficult because they need to intercept your SMS code in addition to your username and password. That’s no easy task, nor should it be.

You’re welcome to view two-factor authentication as another layer of security. You can lump it in with important protocols like setting secure passwords as well as keeping both your site software and plugins up to date.

The Bottom Line

There will undoubtedly be new WordPress two-factor authentication options that will hit the market with the void left by Clef. The good news is that there are plenty of quality options available for your site.

While you may not like the first option or two as you try them, you’re bound to find one that works well for you. Remember, when you want a site that comes pre-configured with the best security settings, choose A2 Hosting and our A2 Optimized WordPress setup.

Do you have a favorite two-factor authentication solution? Is there one we didn’t mention? We’d love to hear about it and for you to share it within the A2 Hosting community in the comments below!

About Brad Litwin

Brad Litwin is the Marketing Manager for A2 Hosting. He has been with the company since 2007. His specialties include affiliate marketing, content writing and SEO. In his spare time he enjoys running and reading.

Check Also

A loading dock.

How to Migrate Your WordPress.com Website to a Self-Hosted Setup

WordPress.com is a solid platform for people who want to get into blogging. However, it …

  • Thanks for the suggestion, Scott! We always love to hear about new products- SnapID looks like a pretty cool alternative to the usual two-factor solutions. Thanks so much for sharing, we’ll definitely look into this more!

    • Scott

      Thank you, A2. It’s great to participate in a fair and open-minded discussion. I welcome anyone with a challenge about SnapID to address it to me directly here and I will try to respond to it.

  • Scott

    Thanks for pointing this one out, Karen. I’ve looked it over and think it’s a nice replacement for Clef, but it has two fundamental flaws (in my opinion):

    1. You need an app. With SnapID you only need to send a text. People are complaining about the “applash” that comes with having to find, download, learn, and remember to use an app. SMS is the most frequently used “app” on every smartphone and the *only* app that comes standard on every phone made worldwide. No apps means more users and simpler implementations.

    2. Unfortunately Trusona suffers the same limitation as Clef in that many logins are done from a mobile device and you can’t scan a code on a web page that appears on your mobile device using an app on your mobile device. That eliminates about 50% of the logins in today’s mobile-centric world.

    So for those people who just want a straight-up Clef replacement Trusona may be a good choice. For those that want an *improvement* over Clef that doesn’t require IDs or passwords or apps and is highly secure, I still think (and I am admittedly biased) that SnapID offers a superior solution.

    Thanks for taking the time to point it out. It’s a good option; I just think that SnapID is a better one. 🙂

    • Scott Iverson

      Wonderfully crafted reply, except for one issue…it doesn’t work.

      I loaded this onto one of my sites (hosted by A2). I set the plugin to one step for all user types, saved everything, exited my sites wordpress back office, cleared cache and history, went to sites wordpress log on url and nothing. Still the same user password combo I’ve come to know and love–no link to use SnapID.

      Site’s wordpress version, theme and other plugins all up to date. Maybe updating your plug might help, since its been over a year since the last one…possibly not playing nicely with current version of wordpress???

    • muhammed

      your SnapID hasn’t been updated in over a year according to wordpress :/

    • Mike

      Funny that you called out Clef 2x on this about logging in on a device it was installed on. Did you ever TRY to log in to a Clef protected site on your device with Clef on it? I’m guessing no, because if you had, you’d know it DID work for on device access.

  • Thanks for the recommendation, Karen! It looks like Trusona has some nice features and several options available depending on the level of security you need. And rave reviews are always a plus! Thanks for sharing!

  • SPV

    Another alternative, with some cool features, security and UX wise, is Authentiq.