Bitcoin Forum
December 14, 2024, 10:05:57 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Clef - what does everyone think?  (Read 572 times)
nibor (OP)
Sr. Member
****
Offline Offline

Activity: 438
Merit: 291


View Profile
December 15, 2014, 10:38:38 PM
 #1

Just asking here as is the most hacked community on the web I expect!

Not an ad I promise! Just wonder if anyone done any research on them?

https://getclef.com/

Really nice way to secure a site (and looks pretty!). To login to site need smartphone/app and 4 digit pin (same for all sites).

App on phone locks you out after a few wrong guesses for a period of time (not sure how long - still waiting!!).

Obvious route in is the "lost phone" web page. You then need to be able to intercept the users email and know their 4 digit pin.
I assume clef have some way to prevent brute forcing the pin, and since you only ever normally use the pin to unlock app on your phone seems reasonable secure as pin never leaves your phone normally.

Also they refuse to reset pins. All you can do is delete account if you can access your email. This seems a bit of a weakness to me - as any attacker with access to you email can lock you out of all your accounts! But that is normally a smaller problem than them having access to them all.

gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 4298
Merit: 8818



View Profile WWW
December 15, 2014, 11:02:29 PM
 #2

This really sounds like an advert, it's offtopic for this development subforum too. If you were a single post account I would have nuked your post and banned your account.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!