I still remember the excitement that I felt when I found out about Clef, the no-longer-available two factor authentication app that helped me get rid of the password that I use to login to News47ell’s admin dashboard. It was magical, but sadly, the excitement didn’t last for too long. Clef shut down and the team moved to join Twilio to work on Authy.
I was left with the same old, boring login method for my site.
Today, I get to be excited again thanks to the great people over at UpdraftPlus because they released their promised app they claim is going to be the heir of Clef.
Keyy two factor authentication, a brand new WordPress plugin, iOS & Android app by the developers of the popular WordPress backup plugin UpdraftPlus, is going to bring back the good old days of not having to enter that hard to remember password 1 every time I want to login to my admin dashboard.
Let’s dive right into my Keyy two factor authentication Review
Table of Contents
What is Keyy?
Keyy is a brand new WordPress plugin by the UK based company UpdraftPlus that aims at getting rid of the password you use to login to your WordPress site. Because let’s face it, the password you are using now can be described in either one of these ways:
Easy to remember and easy to crack 2 or
Hard to remember and you’d need to rely on a 3rd party service to keep it safe.
Which is not always safe since these days all services are being hacked left and right.
That’s why you need something even better than a password or an OTP and that’s where Keyy two factor authentication comes in.
How does it work?
Keyy works by replacing your username and password with a wavy code 3 that can be scanned using the Keyy Android & iOS app.
Once you scan it, you will be automatically signed in to your account. Neat. So, just like you signed in, you can also log out of your account with one tap inside the Keyy app.
Why should you use Keyy?
Using Keyy means going Passwordless.
Here are the benefits of doing that:
- Never having to remember a password.
- No more careless use of weak passwords.
- No need to worry about brute force attacks.
- Or about key-loggers attacks.
- Or server breaches.
What does Keyy Premium have to offer?
In addition to the free version of Keyy WordPress plugin which is a solid alternative for Clef, there’s also a premium version that has many features that packs a punch.
Along with increasing the number of sites registered under a single Keyy account and number of users registered on a single site, one of the main security features that the premium version of Keyy offers is the Multi-factor authentication option. It allows you to choose between three different ways to log in:
- A Keyy scan logs you in; no passwords.
- Logins need a Keyy scan AND a password.
- Logins need a Keyy scan OR a password.
The other two security features are:
- Stealth mode that hides the QR Code until a secret key is pressed.
- Hide password fields.
Other features include:
- Option to send a mass email to everyone who isn’t connected yet to Keyy.
- Set up specific policies for each type of user(s)
- Control each user and force them to log out.
- You can set a custom message.
How to set up Keyy?
Keyy two factor authentication is very easy to setup. Keep in mind that you need to do that in two different places and platforms:
- The first place is your site that you need to protect and to do that, you need the WordPress plugin.
- The second place is your authentication device, which is your phone. To turn it into the magical device that logs you in effortlessly, you need to install the Keyy Android & iOS app.
Now that you have a general idea about Keyy’s two factor authentication, how it works and where to set it up, let’s learn how to set it up on WordPress and an iOS device.
Keyy WordPress plugin
Install and activate the Keyy Two-Factor Authentication plugin.
Open Keyy Login in the left side menu and you should see a QR Code.
Keep this window open because we need to come back to it after we finish setting up our Keyy app on the iPhone.
Keyy iOS app
Install the Keyy app.
Open the Keyy app and enter your email to sign up.
Verify your Keyy account by clicking the link in the verification email.
Open the app again and point the camera to the QR Code that you saw in Step 2.
Keyy will authenticate and you should be good to go with your shiny new way of logging into your website.
Like I mentioned before, Keyy has a premium version that adds multiple security features and other features to manage all of your users who use Keyy to authenticate.
All the premium pricing options are similar in terms of features but differ in the amount of sites and users that you can add to your Keyy account.
|Free||Premium Personal||Premium Plus||Premium Ultimate|
|Max Keyy users per WP site||5||15||50||Unlimited|
|Max sites registered per getkeyy.com account||5||15||35||100|
|Premium & fast support||✕||✓||✓||✓|
|Administrative policies for users||✕||✓||✓||✓|
|Stealth mode: Hide the code until a key is pressed||✕||✓||✓||✓|
|Hide username/password fields and require Keyy||✕||✓||✓||✓|
|Admin ability to change user settings||✕||✓||✓||✓|
|Ability to brand or customise message||✕||✓||✓||✓|
|No adverts on Keyy admin pages||✕||✓||✓||✓|
|Admin tools for enrolling current users en masse||✕||✓||✓||✓|
|Optionally allow passwords as an additional factor||✕||✓||✓||✓|
|Supports WooCommerce and Affiliates-WP login forms||✕||✓||✓||✓|
Why should you buy the Premium version?
Whether you run your own personal site or manage a site with multiple users, the premium version of Keyy WordPress plugin is a must have for everyone who cares about their site’s security.
Keyy WordPress plugin isn’t here to add another gimmicky option to your site that you can’t live without, but instead, they are here to add an extra layer of security that works to protect you and eliminate that weak link that is called password.
My personal experience with Keyy and the team behind it
While testing the beta version of the iOS app and the premium version of the plugin, I couldn’t help myself but encounter a couple of bugs which I reported to the Keyy team right away:
- Being able to scan a code without unlocking the iOS app. Fixed in the beta version 1.2.1 (1.1).
- If the user had chosen to allow either Keyy OR a traditional password login (option in the Premium version) then the plugin was actually requiring both (i.e. AND) Fixed in WordPress plugin version 0.6.6.
In about 5 hours an update was pushed to two different platforms rendering those bugs a thing of the past.
Big thanks to David and Ashley for fixing these bugs quickly.
I started writing this article as soon as Keyy was released to the public on June 1, 2017, since then, there were a number of updates that were pushed to Keyy on all three platforms:
Eighteen updates were pushed to three different platforms that didn’t just include bug fixes, but also included new features for users of the free and premium version of the plugin.
All of this might not seem like much, but to me, it does.
What are the good and bad stuff in Keyy?
Before we list the good and bad stuff about Keyy two factor authentication, please note that currently Keyy WordPress plugin is still at version 0.6 and the iOS app is still at version 1 meaning that things are still new and might break.
Now, onto the list:
- The main Clef-like feature is free
- Android & iOS app are free
- Android & iOS app are universal.
- Super easy to setup.
- Very quick to authenticate.
- It uses Kjua instead of jQuery to generate the QR Code. 4
- Backup URL that you use in case you don’t have your phone.
- The iOS app UI looks different from the Android app UI.
- Backups are neither intuitive nor automated. 5
- Passcode are limited for 7 digits only. 6
- No option to disable Touch ID on iOS.
- The app icon on iOS & Android have a glossy finish. 7
- The backup URL is randomly generated, expire when used, and can’t be customized.
Keyy is a product that came into existence after the announcement of Clef’s demise became public, the UpdraftPlus team wanted to keep Clef alive in any way possible. Even by trying to purchase Clef.
Yup! Lead Developer David Anderson contacted the Clef team in a bid to take the product on, but his offer was declined. According to Torque Magazine’s Naomi Miles.
The entire team behind Keyy, made a great progress in a short amount of time to replicate what Clef did.
Updates are being pushed on three different platforms simultaneously, squashing bugs and adding new features, for both free and premium users.
This shows you the amount of dedication and energy that the team has and is pouring into this product to attract the same great community that the Clef team has left behind.
Whether you want to get the free or premium version of Keyy, you won’t be disappointed. The security of your site will increase and you will be able to sleep better at night.
So go ahead, install it because Keyy has proven to me that it is the heir of Clef.
Currently it’s a QR Code but soon to be replaced in the next few updates. ↩
Current backup function need to take advantage of Dropbox right away to insure an automated, seamless, secure and cross-platform backup ↩
Simple 4 digits passcode or, Complex unlimited alphanumeric passcode. ↩
The glossy finish on the app icon is horrible. ↩