
I don't know if clef does this, but for SQRL (similar, but uses QR codes, is open source, and doesn't rely on a 3rd party), it relies on the fact that the website URL will be embedded in the QR code (along with a signature) and that the app will show that URL to the user for them to confirm.

This isn't strictly stronger than standard password MITM (phishing), because inattentive users could still just click through without checking the URL or the https status. IMO it is still an improvement because it makes that step explicit, and gives us a chance to put some nicer UI and programmatic checks around it (warning about weird unicode tricks, high similarity to previously used domain names, ...).

Also, both Clef and SQRL use public-private key authentication, so if a bad guy does successfully MITM someone, they only get one session to do bad stuff as opposed to knowing the password and being able to re-authenticate wherever. Obviously this is pretty poor security (it only takes one login to empty someone's bank account...) but for some applications it might be significant - notably for websites that require you to re-authenticate to take destructive action.
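As an added example (not the commenter's code, nor SQRL's or Clef's), here are the kind of programmatic checks the comment proposes around the URL-confirmation step: the app extracts the host from the QR-embedded login URL and warns about missing https, non-ASCII or punycode labels, and near-misses against domains the user has logged into before. The QR payload URLs and the `KNOWN_DOMAINS` history are constructed for illustration.

```python
"""Domain-confirmation warnings for a QR-code login URL.

Constructed example: the login URL format and the list of previously
used domains are assumptions, not SQRL's or Clef's actual data.
"""
import unicodedata
from urllib.parse import urlsplit

# Assumed: domains this user has previously authenticated to.
KNOWN_DOMAINS = ["example.com", "bank.example.org"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typosquat-style near misses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_login_url(url: str, known=KNOWN_DOMAINS) -> list:
    """Return the warnings the app should show before the user confirms."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    warnings = []
    if parts.scheme != "https":
        warnings.append(f"not https: {parts.scheme or 'no scheme'}")
    if not host:
        warnings.append("no host in URL")
        return warnings
    if any(ord(c) > 127 for c in host):
        # Report which scripts appear, e.g. a Cyrillic letter mixed into Latin.
        scripts = {unicodedata.name(c, "?").split()[0] for c in host if c.isalpha()}
        warnings.append(f"non-ASCII host name (scripts: {', '.join(sorted(scripts))})")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode (IDN) label in host name")
    if host in known:
        return warnings  # exact match to a site the user already uses
    for k in known:
        if edit_distance(host, k) <= 2:
            warnings.append(f"looks like {k!r} but is not: {host!r}")
    return warnings
```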
