August 15, 2022

DataBreach Today: Hardware MFA Stops Attack on Cloudflare

Internet infrastructure company Cloudflare says the same attackers that went after Twilio also sent Cloudflare employees malicious SMS messages with links to phishing sites dressed up as an official company website. Despite employees at both companies taking the bait, Cloudflare said attackers were unable to snatch the full logon credentials of its workers because the company’s second layer of authentication isn’t time-limited one-time codes. Instead, every employee at the company is issued a FIDO2-compliant security key from a vendor like YubiKey. Although the attackers siphoned the credentials, the hard key authentication requirement stopped them from snatching a soft token that fooled employees otherwise would have entered into the phishing site.

MORE FIDO in the News


CISO Series: Cyber Security Headlines: Bypassing patches, ChatGPT polymorphic malware, Bitwarden goes passwordless

Bitwarden acquires Passwordless.dev – This marks the first acquisition for...

January 20, 2023

Forbes: Thousands Of PayPal Accounts Hacked—Is Yours One Of Them?

According to a PayPal notice of security incident dated January...


B2B Cyber Security: Cybersecurity Trends for 2023

Perhaps the FIDO Alliance’s passkey solution is the first truly...


Sky News: ‘Passkeys’ mean you ‘never need to know a password’

Image Matrix Tech Editor Djuro Sen says “passkeys”, developed by...

Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.