Internet infrastructure company Cloudflare says the same attackers that went after Twilio also sent Cloudflare employees malicious SMS messages with links to phishing sites dressed up as an official company website. Despite employees at both companies taking the bait, Cloudflare said attackers were unable to snatch the full logon credentials of its workers because the company’s second layer of authentication isn’t time-limited one-time codes. Instead, every employee at the company is issued a FIDO2-compliant security key from a vendor like YubiKey. Although the attackers siphoned the credentials, the hard key authentication requirement stopped them from snatching a soft token that fooled employees otherwise would have entered into the phishing site.
-
About The AllianceAlliance MembershipSpecifications
-
FIDO User Authentication
-
FIDO Device Onboard
-
FIDO CertificationsFind Certified ProductsFIDO Accredited LaboratoriesAdministrative
-
Discover FIDO
-
Latest Updates
More FIDO in the News
Biometric Update: It’s World Passkey Day, actually: trust, adoption grows for FIDO credential
World Password Day is no longer. The annual day to promote secure password practices has…
PC Mag: RIP Passwords: Microsoft Moves to Passkeys as the Default on New Accounts
Anyone setting up a new Microsoft account will soon find they’re encouraged to use a passkey during…
The Verge: Microsoft goes passwordless by default on new accounts
After supporting passwordless Windows logins for years and even allowing users to delete passwords from their accounts, Microsoft…
