Keyy Two Factor Authentication (like Clef)

Keyy gives you 2-factor authentication with a difference. It replaces passwords with sophisticated RSA public-key cryptography, which results in stronger security and a better user experience.

Keyy does away with typing:

• Usernames
• Passwords
• One-time-passwords or other 2FA tokens

Instead, users log in simply using their mobile phone. It’s easy!

• Install the Keyy app on your phone, available through Android or iOS (iPhone / iPad / iPod).
• Secure the app using either a fingerprint or a 4-number pin
• To log in, open the app and point it at the code shown on the screen.

Keyy gives you one-click access to all your WordPress websites simultaneously.

Security

Keyy has been built on RSA public-key cryptography, which is the same tried-and-tested technology underlying secure websites (SSL) and many other industry standards.

It involves a 2048-bit RSA digital key, which is created and stored on the user’s mobile phone. Keyy doesn’t keep a central database of user profile and login details, so you’re not reliant upon any third parties. The digital key is secured in the Android Keystore or Apple Keychain, only accessible via each user’s mobile phone protected by a fingerprint scan or a 6-digit PIN, so data remains safe even if the phone becomes lost or stolen.

Because it doesn’t use passwords, Keyy protects against a host of common password-stealing hacks, including:

• Brute-forcing
• Weak credentials
• Key-logging
• Password re-use
• Shoulder-surfing
• Connection sniffing

By strengthening individual account security, Keyy keeps the entire network safe.

Hold your phone up to any computer and you’re instantly logged in.

You need to have a device (e.g. phone or tablet) that uses either Android or iOS (e.g. iPhone, iPad).

N.B. This is our initial release. It is expected to be rough around the edges!

Please don’t hit us with a bad review before giving us a chance to improve the product; we’re very eager for your and suggestions feedback in the support channel.

In the coming weeks and months we will:
* Launch a single-sign on feature, so logging into one site with Keyy logs you into all sites on that device
* Ability to log on to a localhost site or other site without incoming Internet access (not currently possible)
* Various other smaller improvements also planned

Features

• Login by scanning a code with your phone (or other device). No passwords to remember!

• Industry-standard RSA encryption (assymetric keys) – your login key lives on your phone. There is no back-door access, even for us.

• No central point of failure. The login instruction (signed by your unique private key) goes directly from your phone to your website; no third-party server is involved. You don’t get locked out if somebody else’s server is down.

• Secret URL for de-activating Keyy: note and securely store this URL when you set up, and if you lose your phone later, you can use it to login using the ordinary WordPress username/password mechanism.

• If you lose your phone, you can also disable the plugin through your web hosting account. i.e. You can’t be permanently logged out if you still have access to your WordPress install through your web hosting.

Premium Features

The Premium version of this plugin adds these extra features:

• Ability to choose whether to require a password as well as, or instead of, a scan

• Ability for administrators to impose scan/password policies on users (e.g. all editors require both)

• Scan codes also appear on the WooCommerce and Affiliates-WP login forms and Theme My Login widgets and secondary login forms

• Stealth mode: Hide the Keyy scan image until the user presses a key to reveal it

• Hide username/password fields and require Keyy for all users

• Mass contacting of all users with a connect scan code (useful when requiring Keyy of all users)

• Ability for admins to view and over-ride settings for a specific user

• Keyy admin pages do not show information about other products from our product family

• Ability to customise/brand the “What is this?” message

• Access to Premium support channels