Bitspark becomes the latest Bitcoin company to integrate Clef’s two-factor authentication to provide secure, “passwordless” logins for their users.
Why Is This Important?
Earlier this year, the Canadian Bitcoin exchange, Cavitrex, shut down temporarily due to security concerns. The exchange was hacked just weeks prior to the announcement, which caused users’ passwords and two-factor authentication secrets to be compromised.
Bitspark is a Hong Kong-based exchange and remittance company that has recently announced a new round of funding. They are the first company in the world to offer end-to-end bitcoin remittances and were recently featured in Goldman Sachs’ report The Future of Finance.
Bitspark offers two major services: an exchange and a remittance service. The exchange supports 18 currency pairs and five fiat currencies. The remittance service works in Hong Kong, the Philippines, Indonesia and Australia.
Prior scandals surrounding previous Bitcoin exchanges such as MtGox and Cavitrex make security a huge priority for Bitspark.
“When we think about the next generation of Bitcoin technology, Bitspark is exactly the kind of product that gets us excited,” said Brennen Byrne, CEO of Clef. “It is absolutely critical that we find ways to make Bitcoin useful to more people, and I’m excited that Clef can help make that happen.”
Bitspark chose Clef because of how easy it is to use. Typically, sites that offer two-factor authentication see less than 1 percent of users opt in to protect their accounts, but sites that use Clef have seen more than 50 percent of their users opt in to the safer login. Two-factor authentication – or ‘2FA’ – is a simple feature that asks for more than just a user’s password. To make login seamless, Clef recognizes a user’s phone instead of anything he or she needs to remember or type.
Instead of storing secrets in a central server like other forms of two-factor authentication, Clef is a distributed system for logging in. Private keys are generated and stored on the user’s phone. Nothing secret ever needs to be sent to Clef and therefore no 2FA secrets would be compromised.
“From the first time I saw someone log in with Clef, I knew that this was the future of logging in,” said George Harrap, CEO of Bitspark. “Our whole team got excited about the technology, and the integration was really quick.”
A New Kind of Security
Traditional 2FA requires a user to have two types of credentials before being able to log into an account. 2FA typically asks the users to confirm that it is in fact them trying to access the account.
Examples of this include:
- PIN or password sent via text
- phone call giving a code
2FA security is far from 100 percent secure, as illustrated with the Cavitrex 2FA factor security breach. To hack an account protected by two-factor authentication, hackers must gain access to the physical feature being sent (PIN sent via text to mobile phone). According to CNET, the second way a hacker can gain access through 2FA is by gaining access to the “cookies or tokens placed one the device by the authenticator.”
2FA is not perfect, but it is certainly more secure than a single-factor authentication. 2FA is likely to become the norm, followed by 3FA or 4FA.
Here is how Clef security improves upon the 2FA model: Customers can log into Bitspark on any computer in the world by holding their phones up to a computer screen. Using the phone’s camera and an animation called the “Clef Wave,” the phone seamlessly syncs with the computer and logs the user in.
The process already protects about 50,000 sites and is backed by cryptography. Instead of storing secrets in a central server like other forms of two-factor authentication, Clef is a distributed system for logging in. Private keys are generated and stored on the user’s phone.
By taking advantage of the rapid spread of mobile devices, Clef has built technology that is not only much more secure than traditional logins, but also easier to use. Since 2013, Clef has spread to more than 46,000 sites and received accolades from The New York Times, Inc. Magazine and The Economist.
Clef is funded by Morado Ventures and angel investors from a broad variety of product and security backgrounds.