Enable phishing-resistant MFA

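Stop phishers with security keys and Zero Trust
Phishing-resistant MFA | Security keys
  • Targeted account takeover and supply chain attacks are some of the most dangerous threat vectors
  • Use FIDO-compliant security keys (such as YubiKey) to capture, enable, and verify every access request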
The Cloudflare difference
Reduce multi-channel phishing risk

Avoid vulnerabilities of other authentication methods. Unlike one-time PINs, FIDO2 MFA cannot be intercepted by an attacker. Implement MFA broadly — and require it — through Zero Trust policies.

Enhance your access management

Augment your identity provider (or multiple providers) with Zero Trust Network Access (ZTNA) to easily enforce FIDO2 MFA across more resources.

Maximize MFA impact

Avoid vulnerabilities of other authentication methods. Unlike one-time PINs, FIDO2 MFA cannot be intercepted by an attacker. Implement MFA broadly — and require it — through Zero Trust policies.

HOW IT WORKS

Defeat phishing with FIDO2 MFA and Cloudflare

Cloudflare’s Zero Trust platform can enforce FIDO2 MFA consistently across SaaS, self-hosted, and non-web resources.

  • Implement Cloudflare’s ZTNA service to apply strict contextual verification for accessing all your organization’s resources.
  • Bolster security with FIDO2-compliant MFA that makes it nearly impossible to intercept or steal users’ credentials.
  • Selectively enforce strong MFA, starting with sensitive apps. Go beyond just supporting FIDO2 MFA and start to require it.
  • Enable broad deployment. Not all apps support FIDO2 MFA natively. As an aggregation layer, Cloudflare’s ZTNA service helps roll it out to all resources.
See the SASE reference architecture
Halting an SMS phishing attack on Cloudflare

The Cloudflare security team needed to rapidly address a phishing attack that attempted to harvest and then use Okta login credentials from employees. Though the attackers successfully stole credentials and attempted to log in, they could not overcome the security key login requirement of Cloudflare’s Zero Trust implementation.

Requiring FIDO2-compliant MFA, like security keys, as part of Zero Trust access policies for all users and apps can strengthen the barrier against multichannel phishing attacks.

“While the attacker attempted to log in to our systems with compromised credentials, they could not get past the hard key requirement.”

Ready to discuss phishing-resistant MFA?

WHY CLOUDFLARE

Cloudflare’s connectivity cloud restores control and visibility to IT environments

Using Cloudflare’s unified platform of cloud-native services, you can implement a Zero Trust security model with strong MFA capabilities that conquer phishing schemes.

Composable architecture

Address diverse security and networking needs with extensive interoperability and customizable networking.

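Performance

Deliver a better user experience through a global network that can reach approximately 95% of Internet users within approximately 50 ms.

Threat intelligence

Prevent more attacks with intelligence gathered from proxying approximately 20% of web traffic and blocking ~158 billion threats daily.

Unified interface

Reduce tool sprawl and alert fatigue by unifying every hybrid work security service in a single UI.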