Cloudflare named in Gartner® Magic Quadrant™ for SSE for 2nd year. Announcement >

Activate phishing-resistant MFA

Thwart phishers with security keys and Zero Trust
  • Targeted account takeover and supply chain attacks are some of the most dangerous threat vectors
  • Acquire, activate, and authenticate every access request with FIDO-compliant security keys, like YubiKeys

Case study

Cloudflare stopped an SMS phishing attack

More than 130 companies have recently been targeted in a series of similar account takeover attacks through social engineering. Our strong authentication, as part of our larger Zero Trust strategy, caused the threat actor to fail.

How we stopped it with security keys

Cloudflare’s security team received reports of (1) employees receiving legitimate-looking text messages pointing to what appeared to be (2) Cloudflare’s Okta login page. While the threat actor attempted to log in with compromised credentials (3-4), they could not get past the security key requirement that Cloudflare Zero Trust activated.

While security keys are not a silver bullet against all attacks, they strengthen the barrier and work in conjunction with additional Zero Trust security measures such as DNS filtering, browser isolation, cloud email security, and more.

Read the case study

Selectively enforce strong authentication

Don't just support it. Require it.
  • Identity providers may support strong authentication but may not allow you to truly require it
  • Ensure FIDO2 authentication is required, especially for apps housing sensitive data, and enforce per user, app, geography, or group

Roll out strong authentication everywhere

ZTNA makes it easy
  • Broad MFA support exists for cloud services, but this can be more difficult with legacy or non-web apps
  • ZTNA acts as an aggregation layer around all your SaaS, self-hosted, and non-web resources, which makes strong authentication easier to enforce across all of them

End phishing attacks once and for all