激活防反钓鱼的 MFA

使用安全密钥和 Zero Trust 的 Thwart 钓鱼程序
防钓鱼 MFA|安全密钥
  • 针对性的帐户接管 供应链攻击是一些最危险的威胁手段
  • 使用符合 FIDO 的安全密钥(如 YubiKeys)获取、激活并验证每个访问请求
防钓鱼 MFA|安全密钥
Cloudflare 的不同之处
Security key icon
Reduce multi-channel phishing risk

Avoid vulnerabilities of other authentication methods. Unlike one-time PINs, FIDO2 MFA cannot be intercepted by an attacker. Implement MFA broadly — and require it — through Zero Trust policies.

Enhance your access management

Augment your identity provider (or multiple providers) with Zero Trust Network Access (ZTNA) to easily enforce FIDO2 MFA across more resources.

安全护盾保护图标
Maximize MFA impact

Avoid vulnerabilities of other authentication methods. Unlike one-time PINs, FIDO2 MFA cannot be intercepted by an attacker. Implement MFA broadly — and require it — through Zero Trust policies.

HOW IT WORKS

Defeat phishing with FIDO2 MFA and Cloudflare

[ZT PMM] Phishing resistant MFA - HOW IT WORKS - Image diagram

Cloudflare’s Zero Trust platform can enforce FIDO2 MFA consistently across SaaS, self-hosted, and non-web resources.

  • Implement Cloudflare’s ZTNA service to apply strict contextual verification for accessing all your organization’s resources.
  • Bolster security with FIDO2-compliant MFA that makes it nearly impossible to intercept or steal users’ credentials.
  • Selectively enforce strong MFA, starting with sensitive apps. Go beyond just supporting FIDO2 MFA and start to require it.
  • Enable broad deployment. Not all apps support FIDO2 MFA natively. As an aggregation layer, Cloudflare’s ZTNA service helps roll it out to all resources.
查看 SASE 参考架构
[ZT PMM] Phishing resistant MFA - HOW IT WORKS - Image diagram
Halting an SMS phishing attack on Cloudflare

The Cloudflare security team needed to rapidly address a phishing attack that attempted to harvest and then use Okta login credentials from employees. Though the attackers successfully stole credentials and attempted to log in, they could not overcome the security key login requirement of Cloudflare’s Zero Trust implementation.

Requiring FIDO2-compliant MFA, like security keys, as part of Zero Trust access policies for all users and apps can strengthen the barrier against multichannel phishing attacks.

“While the attacker attempted to log in to our systems with compromised credentials, they could not get past the hard key requirement.”

Ready to discuss phishing-resistant MFA?

WHY CLOUDFLARE

Cloudflare’s connectivity cloud restores control and visibility to IT environments

Using Cloudflare’s unified platform of cloud-native services, you can implement a Zero Trust security model with strong MFA capabilities that conquer phishing schemes.

network-scale
Composable architecture

Address diverse security and networking needs with extensive interoperability and customizable networking.

Lightning bolt icon
性能

利用与 95% 互联网用户距离约 50 ms 的全球网络,提供更好的用户体验。

威胁情报

在代理约 20% Web 和每日阻止 ~1580 亿次威胁的过程中收集丰富情报,从而阻止更多攻击。

同一界面

将每项混合办公安全服务整合到单一界面中,减少工具泛滥和警报疲劳。