Vision

[josephwegner]

I'm having my bro test out the extension. He was not a Clef user prior to me asking him to test the extension. He is a pretty medium amount of tech savvy. In my head, he's pretty much exactly the market that Waltz is targeting.

Among some technical issues, his primary feedback is that he no longer understands what Clef does. He originally understood that Clef was a password replacement (which it is). However, the extension brands itself as Clef - we spin the Clef logo, that huge Clef-branded wave page pops up, you use the Clef app. It feels a lot like the extension is Clef. This made my brother think that Clef was actually a password locker.

So there's some things that need to be answered and thought about here:

• What is Waltz? Is it an extension of Clef? Is it a password manager that just happens to use Clef? Is it both? Do we want to market it in one way so it explicitly doesn't seem like the other?
• What are our goals with Waltz? Is it purely a "growth hack" to increase the visibility of Clef? Are we actually trying to build a password manager that does security better than the competition?
• How can we clearly communicate this unusual relationship with Clef to the user?
• Does our target user care? If they just put in a password and never think about it again, will they not know the difference between that and Clef? Or are we working with techies who throw red flags when giving out their passwords?
• At what point are we diluting the Clef brand so much that Waltz is more harm than good?

[josephwegner]

My answers to those questions:

• Waltz is an extension of Clef. I mean, yes, it's really just a password manager, but I don't want it to feel that way. I want it to feel like users are actually using Clef.
• To be honest, my goal with Waltz is simply to drive traffic to Clef. I think Clef has a vast amount of potential, but the biggest struggle is visibility. I want Waltz to bring a Clef-like experience to every site, so that eventually the real Clef experience will replace it. I don't really have one ounce of interest in building a password manager - I've done that, and it sucked - it's not a worthwhile goal. For me, Waltz is a tool for building Clef.
• I think we need to hide away a lot more of the interaction with usernames and passwords. I haven't fully thought through all of these, and some of them may be terrible, but here's some ideas:
  • Make managing usernames and passwords harder. That sounds weird, but if we can tuck those away a little more, people might forget they're there. If they need to update stuff, they will read a bunch of documentation and probably end up learning more about the differences between Waltz and Clef.
  • Make the credential saving process really quick and easy, but really uninteresting. When people think about Waltz, I want them to think about how cool it is that they can click that fancy spinning widget, and get logged in. I don't want them to think about the very nicely designed credential input process.
  • Tell the user what's going on. When the user saves a credential, give them a little indication that their password has been saved locally, and that it can be unlocked using Clef in the future. Perhaps, along with this, we do put more focus on explaining Cydoemus.
  • Encourage users to evangelize Clef. Maybe every once-in-awhile we thank the user for using Waltz to log in, but let them know that the site they're using doesn't natively support Clef. Make it easy for the user to send a tweet about that site not using Clef.
• I'm honestly not sure if our target audience cares. Is our target audience techie people, or not.. Anyone?
• If that majority of users have the same experience as my brother, then we're doing more harm than good. I would rather scrap Waltz than indicate to the masses that Clef is a password manager. I dread one day someone having a conversation and saying "Yeah, I tried that Clef thing.. It was just another crappy password manager thing."

[jessepollak]

@brennenbyrne @landakram

My answers to these questions:

• I've had a really hard time with this one. A lot of times, I've wanted Waltz to be a password manager that just uses Clef. That maybe we could plug in other technologies for Clef. But I think a lot of that want has come from a feeling of wanting to feel neutral. Really, I think that the way I want this in terms of my personal enjoyment of using the technology is to have it really be an extension of Clef. I don't know how we toe that line without it becoming Clef and diluting Clef's brand etc...that was kind of unclear, but I'm pretty unclear with how I feel.
• I think this is two fold. One, I really want to use Clef every day, and while I do with WordPress, that's just not enough. The more I use Clef, the more I love it (using log in and log out with Waltz just entered a whole new feel for me). Using Waltz let's me use Clef more and learn more about Clef in terms of how it interacts with consumers (because I am one). Second, is the distribution play. Distribution is something Clef will always struggle with. It is the hard problem. Really. People love Clef (they really do), but if we can't get it anywhere, it won't matter. If we can create more people like me, you, @brennenbyrne, @lolux, etc, we'll have a powerful community that could sway bigger sites to signing on. And yeah, fuck password managers.
• I agree with this.
  • I think one way we can do this is by just POSTing to the login URL. This will mean the actual username/password fields won't need to be filled.
  • I'm not sure about the making managing passwords harder. I like the idea, but I don't know if it's actually something we want to do.
  • Agreed that we should make it really quick and easy, but uninteresting. Will be interesting trying to figure out how we do this.
  • Yes! I can imagine the awesome animations
  • Yes, yes, yes. As I mention above, people love Clef, so we just need to enable them to evangelize.
• I think our target audience may be explicitly not the tech audience. I've actually been doing a fair amount of thinking about this and I really think that Clef is made for the everyday person. We're making security and usability easy for everyone, not just the privileged few who have had it in the past. If you look at the places people install Clef, it's not super technical sites — it's museums, gyms, and places where non-technical people need to interact with the web in an easy, but secure, way.
• Agreed.

I think that the line here is really tricky. On one hand, we need to keep Clef separate from Waltz. It's a distraction and kind of dilutes our value proposition. On the other hand, we want to make Waltz as much like Clef as possible, so that users really fall in love with Clef, rather than Waltz, and want Clef everywhere (because then Waltz is just one extra, inconvenient step).

I'm not quite sure how we toe this line. That's why I'm so happy we're talking about this now and testing early. There is a huge pool of users out there, if we mess it up for the first couple thousand, it's not that big a deal. I'm confident that we'll be able to find a balance that makes Waltz awesome, but still leaves everyone loving Clef.

[jessepollak]

On a marginally separate note, I just want to thank @josephwegner and @lolux for being awesome supporters of Clef. We have a ton of awesome fans, but you two in particular have been great. Really, @brennenbyrne, @landakram and I run on your support and kind words. All of this is amazingly fun and awesome, but it's also impossibly hard and having the positive reinforcement from outside voices is really powerful.

[ahrussell]

why don't you just marry them already

PS I've been taking a break from studying to look at all of this, and I must say I'm impressed by everything you guys have done! I'm super excited to see Waltz out in the wild (it's been pretty sweet to use and I've been using it about every day - it has its warts but the poc is there and it's going to be even more awesome).

On Mon, Oct 14, 2013 at 10:22 PM, Jesse Pollak notifications@github.comwrote:

On a marginally separate note, I just want to thank @josephwegnerhttps://github.com/josephwegnerand @lolux https://github.com/lolux for being awesome supporters of Clef. We have a ton of awesome fans, but you two in particular have been great. Really, @brennenbyrne https://github.com/brennenbyrne, @landakramhttps://github.com/landakramand I run on your support and kind words. All of this is amazingly fun and awesome, but it's also impossibly hard and having the positive reinforcement from outside voices is really powerful.

— Reply to this email directly or view it on GitHubhttps://github.com/waltzio/waltz/issues/39#issuecomment-26310054 .

[apandhi]

@jessepollak See the problem with posting to the URL is that some sites also attach extra fields to it. Also, how would we fetch the POST data and match it correctly?

But I agree that Clef and Waltz are completely muddled right now. Even to me, Waltz seems like the only real function of clef right now and I often find myself referring to it as Clef.

I don't think that the every day user will adopt this quickly, though. They still have difficulties doing simple things. The niche we can fill, though, is the semi-technical people. The ones that want play with something cool and want an easy way to do things that don't mind going out of their way to install an extension or download an app.

(Sorry I've been MIA. School work is piling up)

[jessepollak]

If I've learned one thing from @brennenbyrne, it's that there's always a way to do things (sometimes you just have to think a little bit out of the box). I'm going to direct this POST discussion back to #34 though because I think it's more appropriate there.

No worries about being MIA, we're just happy to have your thoughts and ideas :D

[jessepollak]

ps. @zrathustra we miss you :) I smiled at that comment.

for those who don't know, @zrathustra was our intern this summer and we miss him very much.

[iamb55]

I've been meaning to chime in for a little bit to contribute my two cents about some of these issues, thanks @josephwegner for spelling a lot of the complexity out! I'm not going to respond exactly in order because my thoughts don't line up exactly, but hopefully this will cover most of my take on the answers.

1) Waltz is a cheat. We built constraints into Clef to make it a clear and simple tool, but we are also bound by those constraints as we build Clef out and try to distribute it. Waltz is someone else breaking the rules so we don't have to. You are helping build what we can't to get Clef into more peoples' hands, which is the only thing that really matters to me.

2) I think the current branding of Waltz is too Clefy. The wave is ours, our logo shows up after login, and the spinner in the corner is ours. I think the tuxedo should live in the corner. The goal isn't for someone to install Waltz and then be tricked into thinking Clef works everywhere in this secondary, password-managing way. This is a separate tool and it should act like it, even as it gets out of the way and makes Clef work as much as possible. I also think that the Waltz logo should persist in the corner until the user is logged in.

3) I firmly believe that Waltz should work on a per-site basis, not heuristically. Clearly, the goal is to get Clef to work in more places, but a 100% reliable experience in most sites I use is much more valuable than a 90% reliable experience in every site I use. I'm more convinced of this after using Waltz over the past few days.

I think we should abstract the per-site configuration into a folder of small config files that follow an easy template. This can live separately from the extension (perhaps on cy?) and be loaded when the plugin launches so that an update isn't required each time a new one is added. This gives us a few advantages -- (1) the experience will be customized for each site and will be more reliable. We could even do the POST login that Jesse has mentioned a little bit above that would be SO COOL. (2) There is a really easy way for people to contribute to the project in a small way (an important quality of any open source project). (3) We can let people request sites through tweets that help spread the word about Waltz.

4) As we think about building Clef, we're trying to build a tool that is for everyone, especially non-technical users. Which is part of the reason we haven't built a Chrome extension as any part of our current product, it's not super easy to install and get set up. I think we have to work within the constraint of where Waltz lives. It is taking a broad tool (Clef) and enabling greater use by a narrower margin of users. That's awesome. I certainly don't think we should market the thing in a way that is isolating, difficult, or technical, but we should know that setting Waltz up does involve a certain amount of complexity and that's part of why we need it.

I'm not useful for writing code any more, but I clearly have plenty of opinions. Now you know them! I couldn't be more excited about this project.

B

[ahrussell]

I agree with much of what @brennenbryne is saying - however I think it's a little dangerous to distance Clef from Waltz. It's good in an idealistic way for all of the reasons that you enumerated, but both Waltz and Clef could benefit greatly from branding themselves as a new way to log in on the web.

Also - I had an idea just a second ago. Once we get the POST login working, we could have the plugin do some CSS magic to "Login with Facebook/Google/Twitter" buttons that allow you to log in using those services with Waltz/Clef, which would help expand Clef/Waltz as an identity platform.

Anyway, I'm off for now, but I'm very intrigued as to how this unfolds.

On Mon, Oct 14, 2013 at 11:05 PM, Brennen Byrne notifications@github.comwrote:

I've been meaning to chime in for a little bit to contribute my two cents about some of these issues, thanks @josephwegnerhttps://github.com/josephwegnerfor spelling a lot of the complexity out! I'm not going to respond exactly in order because my thoughts don't line up exactly, but hopefully this will cover most of my take on the answers.

1) Waltz is a cheat. We built constraints into Clef to make it a clear and simple tool, but we are also bound by those constraints as we build Clef out and try to distribute it. Waltz is someone else breaking the rules so we don't have to. You are helping build what we can't to get Clef into more peoples' hands, which is the only thing that really matters to me.

2) I think the current branding of Waltz is too Clefy. The wave is ours, our logo shows up after login, and the spinner in the corner is ours. I think the tuxedo should live in the corner. The goal isn't for someone to install Waltz and then be tricked into thinking Clef works everywhere in this secondary, password-managing way. This is a separate tool and it should act like it, even as it gets out of the way and makes Clef work as much as possible. I also think that the Waltz logo should persist in the corner until the user is logged in.

3) I firmly believe that Waltz should work on a per-site basis, not heuristically. Clearly, the goal is to get Clef to work in more places, but a 100% reliable experience in most sites I use is much more valuable than a 90% reliable experience in every site I use. I'm more convinced of this after using Waltz over the past few days.

I think we should abstract the per-site configuration into a folder of small config files that follow an easy template. This can live separately from the extension (perhaps on cy?) and be loaded when the plugin launches so that an update isn't required each time a new one is added. This gives us a few advantages -- (1) the experience will be customized for each site and will be more reliable. We could even do the POST login that Jesse has mentioned a little bit above that would be SO COOL. (2) There is a really easy way for people to contribute to the project in a small way (an important quality of any open source project). (3) We can let people request sites through tweets that help spread the word about Waltz.

4) As we think about building Clef, we're trying to build a tool that is for everyone, especially non-technical users. Which is part of the reason we haven't built a Chrome extension as any part of our current product, it's not super easy to install and get set up. I think we have to work within the constraint of where Waltz lives. It is taking a broad tool (Clef) and enabling greater use by a narrower margin of users. That's awesome. I certainly don't think we should market the thing in a way that is isolating, difficult, or technical, but we should know that setting Waltz up does involve a certain amount of complexity and that's part of why we need it.

I'm not useful for writing code any more, but I clearly have plenty of opinions. Now you know them! I couldn't be more excited about this project.

B

— Reply to this email directly or view it on GitHubhttps://github.com/waltzio/waltz/issues/39#issuecomment-26311195 .

[josephwegner]

Well, I think what I'm gathering from this discussion is that we're torn - we pretty equally desire to show off Clef but also don't want the extension to feel like Clef.

I spent a lot of time reading over the thoughts here, and thinking about how to brand Waltz while maintaing those two goals.

I think @brennenbyrne is right - Waltz is too "clefy" right now. I propose that we drop any sort of direct marketing of Clef, and instead focus on the Waltz brand. That means changing the logo spinner from the bottom, removing the "with Clef" from the options, and in general not talking about Clef as the main feature of Waltz.

That said, I think we need to be very intentional about how we talk about Waltz. It can't be a password manager. There's too many well-known password managers that integrate better into people's lives. We don't have mobile apps, we don't have cross-browser coverage - we can't compete on that front.

I think we need to talk about Clef as something entirely different, and entirely better. I don't precisely have the word for it, but IMO these are the things we need to highlight:

• Local storage, end-to-end encryption (we can mention Clef here, but not as a partner - just as a technology)
• Log out once, everywhere
• No more password forms - log in from any page

None of these features have anything to do with passwords. We need passwords to achieve these features, but they're not an important part of Waltz's narrative. These features focus around managing accounts - not passwords. Perhaps Waltz is an "Account Manager", or "Authentication Manager". I would appreciate suggestions for good terminology here :)

If we can build an audience that is excited about forgetting about passwords, they will notice Clef. I mean, it's pretty hard not to notice that whole wave thing. The difference is it will be better communicated that users are logging INTO wave WITH Clef. It's just a new way to get Clef into their faces.

[josephwegner]

For the record, I did really like the idea of encouraging users to tweet about sites that don't use Clef, directly from the app. That's a pretty powerful engagement point.

However, I think that contradicts everything I said in the above. If we're explicitly "selling" Clef from within the extension, it will feel like a Clef app.

Thoughts appreciated.

[lolux]

Wow, this has become a wide-ranging thread! So I feel free to attempt a few philosophical/big picture thoughts with some practical thoughts mixed in about the stuff we're kicking around in this thread and some (tangentially?) related thoughts that have been bouncing around in my head.

If you'll bear with your wannabe-philosopher friend for a minute, I'm going to make a go at the q/a method to come up with some definitions. My aim here is to attempt clarity. Disagreement welcome. I apologize for my prolixity.

What is the essence of Clef? Clef is a smartphone application.

What is the chief end of Clef? Clef's chief end is to provide strong, multi-factor, password-free online authentication. All of Clef's entourage (websites, blogs, servers, APIs, support, etc.) lead back to this mothership.

What practical ends does Clef authentication facilitate? Clef authentication facilitates

• payment authentication
• user authentication
  • general
  • (nearly?) all openID-enabled sites
  • particular
  • WP
  • Drupal
  • the handful of Clef-enabled sites listed herehttps://getclef.com/websites
  • (well, openID could be considered as "particular" instead of general since it is a limited set of sites)

When I look at this (pretty smallish) list, as much as my heart wants to see Clef everywhere on the whole internet, a stark look at reality is that it takes a good bit of tilling the existing soil, digging up the weeds, planting password-free seeds, and watering the seeds before the Clef garden can grow. Is it reasonable, then, to expect that Waltz will be able to go beyond this reality or to weed the garden of passwords more quickly than the existing Clef initiatives? Honestly, I don't know. But it is worth asking, I think, at least in order to keep realistic expectations for Waltz.

What is Clef's (the company's) vision for its own success? Spreading Clef to the whole interwebs? Probably unrealistic. Within reality, what is Clef's vision? I think this question needs a clear answer before one will be able to determine how new initiatives such as Waltz relate to this vision.

If there's ambiguity on this point, then perhaps there needs to be a realistic look at who is leading Clef and who is leading Waltz and then decide together about how the two should relate. Lack of clarity on leadership and vision leads to lack of clarity in planning and execution.

What does the essence of Clef reveal about who Clef's (or Waltz's) target audience is? It reveals that the most basic target audience is all smartphone users, whether techy or non-techy. The bottom line in terms of defining the target audience is this: if you don't have an Android- or iOS-compatible mobile device, you are not a potential Clef user.

There may be some exceptions to the rule here:

1. Potential "customers"/"users" may encounter Clef (and benefit from its authentication security) on a WP website protected by Clef even though they don't yet use Clef for themselves. Not sure how important or large this audience is, however, in terms of making an effort to woo them.
2. Technically, Clef is not exclusively for smartphones. Remember you have at least some tablet/iPad users—I'm one of them! So, the true audience is all Andriod/iOS users.

What do we know about smartphone users? Seems to me that smartphone users is a very large, diverse group. Perhaps you can identify sub-groups within that pool who are more likely to use Clef than others and figure out ways to target your outreach efforts to those groups. For instance, security-conscious consumers (does it follow that users who use such and such security-related apps are more likely to use Clef also?). WP admins who have smartphones are, in my book, one of the highest likely Clef user groups. Attendees at privacy and security conferences. Etc. I'm rambling. But it seems important to ask here: what do we know or what can we learn about smartphone users and how to convince them that they need our app on their phone?

_What is the chief end of Waltz? _Is the chief end of Waltz to promote Clef? No. At least it shouldn't be.

Why not? Because, whether or not we all hate password managers, the chief end of Waltz is to manage passwords securely (or to facilitate Clef-like, password-based, secure sso). And whether Waltz promotes Clef is a tangental issue. Sure, any software project that uses Clef (any part of it) promotes Clef to the extent that its relation with Clef is visible and/or known. But, that promotion is not the main purpose of the Waltz software; it is accidental, not essential.

Again, what is the chief end of Waltz? You guys seem to be saying fuck password managers, let's do something different/better/so fresh and so Clef. However, if it walks like a duck, quacks like a duck, is it not more than likely a duck (even if it sporting a sweet pink bow tie!)?

I hate to say it, but I think the ideal world (a password free, Clef-enabled life) is crashing into the real world (passwords don't seem to be going anywhere soon, and we're stuck managing them somehow at least in the interim). In other words, my answer to the question is that Waltz's chief end is to manage passwords.

Laurence, why can't you replace your existing password manager with Waltz even if you wanted to? I can't replace LastPass with with Waltz because

• Currently, don't know what any of my 100+ passwords are. (I only know my master key.) Hence, I must use LP in order to copy-n-paste my credentials into Waltz, and this seems to defeat the purpose (i.e., I have now doubled my password managers for a seemingly small gain, an aesthetic improvement).
• I can't use Waltz on my iPad or iPhone
• I can't live without the following LP features:
  • secure password sharing to other LP users (esp. for the financial accounts I share with my wife)
  • secure notes (I have sensitive personal info that I need to reference from time to time stored as encrypted notes; also I have several webmaster-related items stored as notes such as database credentials, etc.)
  • LP works everywhere. Even if it doesn't work automatically everywhere (it's heurestics are pretty slick, but not perfect), it allows me to manually input credentials for anywhere that auto-mode doesn't work.

Dude, are you saying you prefer LP over Clef/Waltz? No. A Clef-like experience is highly preferable. I agree that the sso/off feature in particular is a powerful selling point. Also, LP's interface is very non-beautiful, too wordy, and confusing in several places. However, given the nature of the present password-based internet, I can't live without the features noted earlier.

Though it may not seem like it based on what I'm saying, I don't want to discourage Waltz. I actually think it is a really cool project. But I must be honest here about my present reality. Right now, I don't think Waltz would work for me given my needs. (Though I'm happy to encourage development of it nonetheless.)

Are there other ways that Clef might approach password management? Returning to my own experience with LP, recent reports of how far along password cracking has advanced (this in particularhttp://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/3/) cause no small amount of "Oh shiiiiit!" when I consider the crux of my current setup—my master key. Based on this article, my master key—which registers as "strong" in LP's strength test—falls into the easily crackable category. [Insert Clef bumper sticker here!] The Achilles Heel of master-key-based systems seems undermined, or at least way less secure than advertized. Arrrrrg!

Now, to their credit, LP offers a handful of MFA options. Maybe this provides an opening for Clef. If LP would provide the option for users to replace their master key with Clef MFA, wouldn't that be a major improvement/enhancement/win-win for LP users? I think so. The thing I hate most about LP is having to type in my master key. It's long. It takes forever to type on my iPad and iPhone. My wife hates typing it. Etc. A Clef master key replacement would significantly improve my password management experience.

Laurence, how did you became a potential Clef user and then fanatical Clef supporter? In my case, my need for Clef is directly tied to WordPress. My websites were under attack. This freaked me out. I knew I needed a low-cost way to protect my WP sites from botnet attacks without SSL. In Googling around somehow I came upon Clef. I had no idea what it was. I e-mailed you guys to ask about how it worked and whether I needed SSL to make it truly secure. I tried it out for myself and loved it immediately. I made the handful of users for whom I serve as their webmaster start using it. They loved it too. Immediately I saw that this app made my life better, my friends lives better, and I wanted to use it everywhere I could. I saw some additional features that I needed to make it work for killing the bots (force Clef and override), and you guys helped me add them. Boom, Clef saved the day, and my webmaster alter ego sleeps better at night.

Is this experience repeatable? I think so, at least to some degree—if the need can be re-created. I didn't give a rip about WP authentication until I was awakened to the need. One of my sites was literally getting hit by hundreds, sometimes thousands of brute force attempts a day for six to eight weeks. Maybe this is why I still feel deep down that once WP admins discover Clef (how secure it is, how simple and beautiful it is, all the ways it secures the WP login page), they will likely immediately fall in love.

peace (and another apology for the length!), LO

On Tue, Oct 15, 2013 at 9:57 AM, Joe Wegner notifications@github.comwrote:

For the record, I did really like the idea of encouraging users to tweet about sites that don't use Clef, directly from the app. That's a pretty powerful engagement point.

However, I think that contradicts everything I said in the above. If we're explicitly "selling" Clef from within the extension, it will feel like a Clef app.

Thoughts appreciated.

— Reply to this email directly or view it on GitHubhttps://github.com/waltzio/waltz/issues/39#issuecomment-26336052 .

[iamb55]

Woo, lots of good stuff to respond to, thanks @lolux. Before I talk about Laurence's post I want to make 3 quick notes about @josephwegner and @zrathustra's comments.

1) When someone logs in with Waltz, they're necessarily going to use the Clef app. They're going to see the Clef Wave. I don't think we have to worry about them "getting" that they're using Clef. I think using the Waltz logo for things that are Waltz-specific is a lot more clear and useful. However, I also think that Waltz should talk about Clef as a big part of its messaging. If it tries to leave Clef out, I think it will be confusing to new users.

2) I love the idea of an "account manager" vs. "password manager". I need to put a few more cycles into the messaging around this, but I think it's definitely the right approach.

3) I hadn't thought enough about the tweet that would go out for unsupported sites, but I think there's still something for us to do here. The prompt could be "We haven't added support for this site yet, but you can ask us for it by tweeting 'I love @Waltz, but need it to work on ____'". That way we get people tweeting about Waltz to their followers, make it easy to crowdsource requests for more sites to add (a bot might even collect them and add them as a certain kind of tagged issue in whatever repo holds the config files with a count of number of requests).

Now to Laurence's thoughts.

Our goal with Clef is to power logins everywhere on the web. We have a long way to go and a lot of smaller goals to reach before we can really think about tackling a problem that large, but we're dreaming big. (Logins are super interesting, but there's a whole philosophy around identity, personal ownership, and empowerment along with thinking about market trends and the technology of something I call "mechanical empathy" that go into our motivations for why this is something worth building and why it's the right time to build it, but that would be a much longer conversation)

What role does Waltz play in all of that? On day one of building Clef, we tried to sell it to sites as a better login system for them to use. They wanted to wait until we had users. So we tried to get people to download the app, but there was nothing for them to use it with. The "chicken or the egg" problem of building a tool like Clef is a huge hurdle to getting it started.

Which is why we've pushed so hard on WordPress to start. On WordPress, you don't need anyone else's permission to use Clef, and we've been able to grow a ton really quickly inside a community that we've fallen in love with. But one of the most interesting things about working on something like Clef is that it becomes more valuable the more people who use it, and the more sites where they can use it. We've gotten it off the ground, now we need to make it fly. That means looking for places where we can already provide value (e-commerce) and looking for other ways to rapidly expand the Clef footprint.

Waltz lets us sign up a lot more users without waiting on all of the sites to adopt it. We never wanted Clef to be a password manager, but it could be a great fit for the master key of password managers (working on Waltz doesn't preclude working with LastPass, but might actually make it easier). Building one that subverts itself to the Clef login process can be especially powerful for spreading Clef to more users. More people with our app, more visibility for the product, and more leverage when we talk to the sites about deeper integrations all make it really valuable to our mission.

So, there are a few things we have to remember while we work on Waltz. The first is not to forget WordPress and to keep growing the enthusiastic user base we've built there. We released 1.8 today with better setup and support for Multisite, and I'll be in Boston in 2 weeks to give my talk about security and keep engaging with the community. I had coffee with Matt Mullenweg at the beginning of October, and WordPress is something we're still very committed to.

Second, even as we expand the things Clef does, we have to keep simplifying the way we talk about it and the message we're sending consumers. Our product is radical and new, and explaining it can be hard. We have to keep doing a better job making Clef more accessible and easier to use to get it into more people's hands.

Last, we have to manage both the micro and macro scales of Clef's development. We have to maintain our larger vision while we also focus on our day to day. We're a small team with a lot on our plate and even more on our minds, distractions can be fatal.

I think Waltz is really exciting and definitely worth the energy we're putting into it, but it's also something we've had to handle carefully because there is room for it to hurt us.

[lolux]

Well said. There is clarity, vision, hope, and realism in these words. Surely, the only fitting reply is (wait for it...here it comes...) BOOM!

On the "evangelism" bit, I'll keep doing what I've been doing (i.e., trying to reach out to the places where I want to use Clef), but I want you to be quick to tell me if I ever overstep, become annoying, or do something you guys don't like, etc.

Also, I haven't forgotten Jesse's reply to my invite, and I'm seriously considering attending at least the Saturday part of WordCamp Orlando, but I need to get the lowdown on it from you guys (maybe Brennen, since you've been to a bunch of em) and ask you a bunch of questions about it, first of which is: whether it would do any good for Clef for a non-Apple-store-hippster-looking 30 something like me trying to get the word out for Clef at WC. Once I rejoing the land of the living (been real sick lately), let's setup a brief chat or maybe even go all out with a phone call or vid chat.

Laurence O’Donnell .: http://deDeo.org http://dedeo.org/ :. “In Thy light we see light” (Psalm 36:9)

[iamb55]

Thanks @lolux, I'd be happy to talk any time!

Brennen Byrne CEO and Co-founder of Clef http://getclef.com b@getclef.com (415)-580-2533

On Wed, Oct 16, 2013 at 6:03 PM, lolux notifications@github.com wrote:

Well said. There is clarity, vision, hope, and realism in these words. Surely, the only fitting reply is (wait for it...here it comes...) BOOM!

On the "evangelism" bit, I'll keep doing what I've been doing (i.e., trying to reach out to the places where I want to use Clef), but I want you to be quick to tell me if I ever overstep, become annoying, or do something you guys don't like, etc.

Also, I haven't forgotten Jesse's reply to my invite, and I'm seriously considering attending at least the Saturday part of WordCamp Orlando, but I need to get the lowdown on it from you guys (maybe Brennen, since you've been to a bunch of em) and ask you a bunch of questions about it, first of which is: whether it would do any good for Clef for a non-Apple-store-hippster-looking 30 something like me trying to get the word out for Clef at WC. Once I rejoing the land of the living (been real sick lately), let's setup a brief chat or maybe even go all out with a phone call or vid chat.

Laurence O’Donnell .: http://deDeo.org http://dedeo.org/ :. “In Thy light we see light” (Psalm 36:9)

— Reply to this email directly or view it on GitHubhttps://github.com/waltzio/waltz/issues/39#issuecomment-26472201 .

[josephwegner]

I've started the rebrand in https://github.com/waltzio/waltz/tree/feature-rebrand

So far:

• Name, icon, description updates
• Options page wording
• Waltz icon in corner widget
• minimalistic (forgettable) login form