Passwords. Let’s face it: they’re terrible. As a staple of online security, passwords are often too weak or too widely used. A properly complex, completely random password is very hard to remember. Additionally, even if a password could be completely random, chances are that it would be used across multiple websites, and remembering 15 or 20 distinct random passwords is often nothing short of impossible. Although a variety of password management and two-step encoding systems have arisen in an attempt to combat both password weakness and password fatigue, a team of Pomona College students may have just solved the problem of the password once and for all.
The combined efforts of Brennen Byrne PO ’12, Mark Hudnall PO ’13, Michael Stock-Matthews PO ’13 and Jesse Pollak PO ’15 have recently introduced a smartphone app called Clef to the iOS App Store (an Android version is coming soon). The app uses QR code scanning in an attempt to eliminate passwords completely from online logins. QR codes, for those unaware, are two-dimensional barcodes, capable of storing any kind of data imaginable (up to a few kilobytes in size). In Clef’s case, the QR code contains a secret key, which, when paired with a similar key stored in the app’s memory, allows a user to securely log into a website via a process called an RSA handshake.
Don’t let the technical details confuse you, though. The math behind the app may be very smart and complicated, but for the user, it’s as simple as: point, shoot and you’re logged in. Gone is the need to remember usernames and passwords—the interaction between the Clef servers and the scanned barcode handles the entire login process in the blink of an eye. The app is also locked with a four-digit PIN, and can be remotely deactivated in the case of a lost phone.
When asked what motivated the team to create Clef, Byrne said that a better, faster web experience for the end user is always the goal. Additionally, one of the chief purposes for Clef’s existence is to provide a solution to the age-old split between best practice and convenience.
“There have always been tradeoffs when it comes to passwords,” Byrne said. Truly secure passwords are often difficult to remember, and one compromised password on today’s highly integrated internet often gives a hacker access to 15-20 websites that use the same login info. Clef, therefore, provides something of a happy medium, as the login experience is both easy and secure, and works instantaneously across all sites using the Clef platform.
Despite considering solutions that involved wireless communications such as NFC and Bluetooth, the team ultimately decided on QR codes because “the only thing that all smartphones have in common today are screens and cameras,” according to Byrne, therefore allowing the login experience to be quick and painless no matter what kind of phone the user has. The only potential issue: making sure that users know what exactly a QR code is in the first place.
Currently, Clef logins are only available on two websites: the official developer page, clef.io, and the online startup incubator service nReduce.com. The team hopes to expand the service slowly at first and is searching for smaller startup sites to adopt the platform in order to collect user data and feedback about the real-world effectiveness of the service.
“If we had a large-scale site implement the platform right now, we would probably die,” Byrne said. However, he added, the information collected over the course of a slow expansion would allow the team to work out all potential bugs by the time the app is ready for the mass market.
As for future plans, Byrne said that the team hopes to expand into the realm of mobile payments, allowing users to scan the Clef barcode at an online checkout form for a quick and painless online shopping experience. Clef users would simply store their credit card info securely via a partner site, which would then process transactions linked to the Clef user’s account.
Overall, despite its status as a newcomer in the world of iOS apps, Clef presents users with a painless, intuitive way to log in to websites and services—one that does not require any memorization or worries about security. All you need is an iPhone. Check it out now on the App Store for free if you’re interested, and keep an eye out for the blue Clef barcodes appearing on a website near you in the future.