[ngpio]

I'm glad there's movement in this space. It's desperately needed. Password managers are great but difficult to extend to all use-cases. When a generated password cannot be easily copy-pasted, the whole system feels unwieldy.

But Clef doesn't seem to solve anything in that respect. It solves some of the same problems that password managers do but with extra environmental requirements.

I can see the Clef mechanism being useful for 2-factor authentification. But I'm unenthused with (and wary of) its current instantiation as a login skeleton key. If I were Clef, I'd set my sights lower and rebrand as a drop-in 2-factor auth system to be optionally enabled by users.

> Clef puts military grade cryptography in the hands of every user

This kind of line is deceptive for 99% of end-users and turns off the 1% who might be helpful as developers.

[serverascode]

Where do they say military grade? That's always a bit of a red flag for me.

[jessepollak]

This is actually something we thought we removed everywhere. I just grep'd our repo, found one lingering instance, and committed it out (will deploy when the traffic goes down). We understand it's deceptive and recognize the need to communicate to our users why Clef is more secure than usernames and passwords in a straightforward way.

[tscherno]

Here: https://getclef.com/developer/

Also: https://www.schneier.com/crypto-gram-9902.html#snakeoil