Activate phishing-resistant MFA with Cloudflare
Thwart phishing scams by enforcing strong authentication
Phishing remains one of the most prevalent kinds of threats—and it is often just the first step in a larger attack. Implementing FIDO2-compliant multi-factor authentication (MFA) as part of a Zero Trust security approach neutralizes the threat posed by multi-channel phishing.
The Cloudflare difference
Reduce multi-channel phishing risk
Avoid vulnerabilities of other authentication methods. Unlike one-time PINs, FIDO2 MFA cannot be intercepted by an attacker. Implement MFA broadly — and require it — through Zero Trust policies.
Enhance your access management
Augment your identity provider (or multiple providers) with Zero Trust Network Access (ZTNA) to easily enforce FIDO2 MFA across more resources.
Maximize MFA impact
Avoid vulnerabilities of other authentication methods. Unlike one-time PINs, FIDO2 MFA cannot be intercepted by an attacker. Implement MFA broadly — and require it — through Zero Trust policies.
HOW IT WORKS
Defeat phishing with FIDO2 MFA and Cloudflare
Cloudflare’s Zero Trust platform can enforce FIDO2 MFA consistently across SaaS, self-hosted, and non-web resources.
- Implement Cloudflare’s ZTNA service to apply strict contextual verification for accessing all your organization’s resources.
- Bolster security with FIDO2-compliant MFA that makes it nearly impossible to intercept or steal users’ credentials.
- Selectively enforce strong MFA, starting with sensitive apps. Go beyond just supporting FIDO2 MFA and start to require it.
- Enable broad deployment. Not all apps support FIDO2 MFA natively. As an aggregation layer, Cloudflare’s ZTNA service helps roll it out to all resources.
![[ZT PMM] Phishing resistant MFA diagram](/cdn-cgi/image/format=auto/https://cf-assets.www.cloudflare.com/v2/image/nhkj7dn5ap4l11qvvp9gk2mu2e/How_it_works_Diagram_for_FIDO2_authentication.webp)
What our customers are saying
The Cloudflare security team needed to rapidly address a phishing attack that attempted to harvest and then use Okta login credentials from employees. Though the attackers successfully stole credentials and attempted to log in, they could not overcome the security key login requirement of Cloudflare’s Zero Trust implementation.
Requiring FIDO2-compliant MFA, like security keys, as part of Zero Trust access policies for all users and apps can strengthen the barrier against multichannel phishing attacks.
“While the attacker attempted to log in to our systems with compromised credentials, they could not get past the hard key requirement.”
Ready to discuss phishing-resistant MFA?
WHY CLOUDFLARE
Cloudflare’s connectivity cloud restores control and visibility to IT environments
Using Cloudflare’s unified platform of cloud-native services, you can implement a Zero Trust security model with strong MFA capabilities that conquer phishing schemes.
Composable architecture
Address diverse security and networking needs with extensive interoperability and customizable networking.
Performance
Deliver better user experiences with a global network that is approximately 50 ms from ~95% of Internet users.
Threat intelligence
Prevent more attacks with intelligence gleaned from proxying ~20% of the web and blocking ~215 billion threats daily.
Unified interface
Reduce tool sprawl and alert fatigue by uniting every hybrid work security service in one UI.
Resources
Case study
How Cloudflare stopped a targeted phishing attack
Read how Cloudflare’s Zero Trust approach, including security keys, helped thwart a targeted phishing attack.
BLOG POST
How Cloudflare implemented security keys
Learn the steps Cloudflare took to roll out FIDO2 security keys and Zero Trust to all apps and employees.