All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Cloudflare Fundamentals - Introducing email two-factor authentication

8mo ago

Source

CloudflareCloudflare Fundamentals - Introducing email two-factor authenticationcloudflare.com
Snippet from the RSS feed
Two-factor authentication (2FA) is one of the best ways to protect your account from the risk of account takeover. Cloudflare has offered phishing resistant 2FA options including hardware based keys (for example, a Yubikey) and app based TOTP (time-based one-time password) options which use apps like Google or Microsoft's Authenticator app. Unfortunately, while these solutions are very secure, they can be lost if you misplace the hardware based key, or lose the phone which includes that app. The result is that users sometimes get locked out of their accounts and need to contact support. Today, we are announcing the addition of email as a 2FA factor for all Cloudflare accounts. Email 2FA is in wide use across the industry as a least common denominator for 2FA because it is low friction, loss resistant, and still improves security over username/password login only. We also know that most commercial email providers already require 2FA, so your email address is usually well protected already. You can now enable email 2FA on the Cloudflare dashboard: Go to Profile at the top right corner. Select Authentication . Under Two-Factor Authentication , select Set up . Sign-in security best practices Cloudflare is critical infrastructure, and you should protect it as such. Review the following best practices and make sure you are doing your part to secure your account: Use a unique password for every website, including Cloudflare, and store it in a password manager like 1Password or Keeper. These services are cross-platform and simplify the process of managing secure passwords. Use 2FA to make it harder for an attacker to get into your account in the event your password is leaked. Store your backup codes securely. A password manager is the best place since it keeps the backup codes encrypted, but you can also print them and put them somewhere safe in your home. If you use an app to manage your 2FA keys, enable cloud backup, so that you don't lose your keys in the event you lose your phone. If you use a custom email domain to sign in, configure SSO . If you use a public email domain like Gmail or Hotmail, you can also use social login with Apple, GitHub, or Google to sign in. If you manage a Cloudflare account for work: Have at least two administrators in case one of them unexpectedly leaves your company. Use SCIM to automate permissions management for members in your Cloudflare account.

You might also wanna read

Authentication Reference Implementation for Cloudflare Workers with PBKDF2, JWT Sessions, and NIST Compliance

This article presents a comprehensive authentication reference implementation for Cloudflare Workers that serves as an educational resource

github.com·4mo ago

Cloudflare launches temporary accounts for AI agents to bypass human signup flows

Cloudflare is launching Temporary Accounts for AI agents, allowing them to deploy websites, APIs, and other agents instantly without going t

blog.cloudflare.com·14d ago

Cloudflare launches temporary accounts for AI agents to bypass human signup flows

Cloudflare is launching Temporary Accounts for AI agents, allowing them to deploy websites, APIs, and other agents instantly without going t

Cloudflare·14d ago

Cloudflare Web Bot Auth: Cryptographic Authentication for Automated Bots

Web Bot Auth is an authentication method that uses cryptographic signatures in HTTP messages to verify automated bot requests. It serves as

developers.cloudflare.com·10mo ago

Cloudflare Email Service Enters Public Beta for AI Agent Integration

Cloudflare has launched its Email Service into public beta, providing infrastructure for developers to integrate email capabilities into AI

blog.cloudflare.com·2mo ago

Cloudflare launches Email Service private beta with native Workers integration

Cloudflare is launching a new Email Service in private beta that allows developers to send and receive email directly from Cloudflare Worker

blog.cloudflare.com·9mo ago

Cloudflare Email Service Enters Public Beta for AI Agent Integration

Cloudflare has launched its Email Service into public beta, enabling developers to integrate AI agents with email infrastructure. The servic

Product Hunt·12d ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.