Unblocked AI Code Review β High-signal comments based on your team's context
High-signal comments based on your team's context
Promoted
This looks pretty slick. I can definitely see myself using this instead of building it out by hand. Do you have plans to build support for native apps as well?
@rajsinghtut Yes! Support for iOS and Android is in-progress right now and we'll be rolling it out in the next couple weeks. We started on desktop so we could iterate quickly, but we've already talked to a bunch of customers who are mobile-only or need mobile support to roll out 2FA. After all of our years building Clef (getclef.com), we know how important our mobile devices are to our online identities and are making sure has those bases covered!
@zrathustra Hey Andrew, thanks for the question :)
If a company implements 2FA on their own, then they're responsible for following best practices like encrypting OTP seeds at rest. In the event of a breach, an attacker has access to both passwords (hashes, hopefully) and OTP seeds (encrypted, hopefully).
With Instant2FA, an attacker must breach both the company and Instant2FA to impersonate users who have 2FA enabled (since we store the seeds, but don't know anything about usernames and passwords). FWIW, we follow best practices, encrypting seeds at rest and hashing backup codes. If someone within the company acted in bad faith, the threat model stays the same -- since we don't have access to a company's database, a bad actor wouldn't have the knowledge factor needed to maliciously access someone's account. Of course, we also limit access to our database and infrastructure within the company on a need-to-know basis.
Report
@landakram Awesome, this is a cool product. Are there plans for integrating Clef (or another generic asymmetric auth protocol) as a second factor?
Also a quick nit - will my homebrewed U2F token work (currently only branded as Yubikey in the UX right now)? ;)
@zrathustra@landakram Definitely plans for integrating Clef & other asymmetric auth protocols. And, yes! We'll support generic U2F at the same time we support Yubikey :)
Hi Product Hunters! Instant 2FA is hosted two-factor authentication that lets developers add two-factor auth support to any website or app in 30 minutes. It takes 3 API calls to integrate and doesn't require any database or user experience changes.
We've been running a small closed beta, but interest has spiked from tension since the election and we're excited to expand the beta!
Instant 2FA is built by the team at Clef that has been working on more secure 2FA options for 4+ years, and will be completely open source once it's launched out of beta.
Out of the box, Instant 2FA will support Google Authenticator (TOTP), text messages (SMS), and Yubikey (U2F) with one integration. The beta supports TOTP, then when we do our final release developers can enable any or all of the different 2FA options, and then users can pick whichever option suits them best.
Product Hunters who start an integration today will get a lifetime 25% discount on Instant 2FA! (Your beta access code is: happy-hunting)
I'm around to answer questions and our dev team is available to help with integrations all day :)
@brennenbyrne Will the upcoming SMS feature confirm the phone number is from an actual mobile carrier? The latest NIST draft appears to require, see https://pages.nist.gov/800-63-3/... Alternatively can I turn off the SMS option? Thanks, Mike
We hit our quota for the current private beta batch, so we've had to close beta signups for now. That said, if you request access to the beta, and get approved, after coming through Product Hunt, we'll give you the 25% lifetime discount. Thanks for all the love & support PH!
@mdebenedittis Hey Mike, we'll offer carrier confirmation, we might not have it ready by the time we release SMS verification, but it'll be an option. As a site owner, you'll always have control over which forms of 2FA to offer your customers -- you can turn on or off any option that we offer :)
I love Clef but hate that very few sites support it. This looks awesome but I'm wondering.... Since Clef isn't supported at start and it's your own 2FA solution plus PH taglines saying that the company is now Instant2FA instead of Clef, are you putting Clef on the backburner?
Clef hasn't taken off as much as it could have so I'm just curious about what you see for the future of Clef alongside this @brennenbyrne@jessepollak@landakram@aayush@gwongz@darrelljonesiii
Hey Brandon, that's a really good question. We still think that crypto-2FA on our phones, like Clef, is the future of logging in, but there's a lot of work to be done before it's easy for websites to support it. In the short term, Clef is going on our back burner while we build out the tools that developers need (Instant 2FA), but in the longer term we still believe in that technology and that user experience.
We just integrated Instant 2FA to ReadMe and were really impressed by it. It's hosted two-factor authentication and the integration took us less than an hour from start to finish. Definitely recommended!
The issue of security has become a hot-button issue. Hundreds of millions of accounts stolen on Yahoo are just the tip of the iceberg in terms of what we know has been hacked. Everyday I see Skype messages from friends with hacked accounts. 2FA is critical and Instant 2FA makes it incredibly simple. You guys are awesome!
@richard_rabbat Absolutely agree. We're working on making it simple to the point of trivial integration. There's quite a few opportunities to do so and make a developer (and end user) experience better here, and we're excited to tackle them.
Report
Instant 2FA Integration literally took 30 minutes - every business should be doing this, no excuses. This Clef folks have certainly earned our trust over the years and my team/community are super excited to be benefiting from their expertise.
Instant 2FA
Instant 2FA
Instant 2FA
Instant 2FA
Instant 2FA
Instant 2FA
Instant 2FA
Instant 2FA
Valiant Gaming
Instant 2FA
ReadMe
Instant 2FA
Gfycat
Instant 2FA
Instant 2FA