CAN you avoid passwords? Almost, if you replace them with something else, and one possible replacement is a thing called Clef.

Passwords: everyone hates them, and everyone has to use them. But the people from one Californian tech firm want to get rid of them forever.

Clef ( is an app that sits on your phone. It generates two codes, a private key and a public key. The private key stays on your phone, encrypted and safe from prying eyes. The public key is sent to Clef HQ over the internet.

The really clever stuff happens when you want to log in to a website on your computer. Assuming that site has set up Clef, there’ll be a button you can click saying “Log in with Clef”.

Next, you’ll see a strange animated pattern on your computer screen – hold up your phone to scan that pattern with your phone’s camera.

That triggers a digital signature, sent from your phone to Clef – but in encrypted form. Because Clef has a copy of your private key, they can decrypt the message and check who sent it. Now they know that it’s you trying to log in to that website, and send a message back to the site saying: “This is the right person, let them in.”

It sounds complicated, but it should all happen in a fraction of a second. It’s an example of what’s called “two-factor authentication”, which combines something you know with something you have (in this case, your phone).

If your phone gets lost or stolen, you can log into your Clef account on the web (using the same PIN) and deactivate the Clef app remotely, so it can’t be used by someone pretending to be you. It’s not a perfect solution, and the problem with third party systems like this is that you’re dependent on lots of website owners deciding to set up Clef’s software at their end. Until that happens, Clef is going to be a bit of a niche product.

You can use two-factor authentication on all sorts of websites already, including Google and Facebook. Rather than use special software, they use good old fashioned text messages to check your identity. It’s less hassle, almost as quick, and very reliable.

As a general rule, you should always set up two-factor when you’re offered the chance. It’s better to be safe than be hacked.