Internet infrastructure company Cloudflare says the same attackers that went after Twilio also sent Cloudflare employees malicious SMS messages with links to phishing sites dressed up as an official company website. Despite employees at both companies taking the bait, Cloudflare said attackers were unable to snatch the full logon credentials of its workers because the company’s second layer of authentication isn’t time-limited one-time codes. Instead, every employee at the company is issued a FIDO2-compliant security key from a vendor like YubiKey. Although the attackers siphoned the credentials, the hard key authentication requirement stopped them from snatching a soft token that fooled employees otherwise would have entered into the phishing site.


More

Tech Radar: Bitwarden now supports passkeys on iOS devices

Popular free password manager Bitwarden now supports passkeys on iOS devices. The news follows the…

Read More →

GB News: Elon Musk just killed passwords on X, here’s what you need to use a passkey to login

Passkeys were developed by the FIDO Alliance, an industry body with the stated aim of…

Read More →

Dark Reading: Selecting the Right Authentication Protocol for Your Business

Authentication protocols like passkeys serve as the backbone of online security, enabling users to confirm…

Read More →


123238 Next