Internet infrastructure company Cloudflare says the same attackers that went after Twilio also sent Cloudflare employees malicious SMS messages with links to phishing sites dressed up as an official company website. Despite employees at both companies taking the bait, Cloudflare said attackers were unable to snatch the full logon credentials of its workers because the company’s second layer of authentication isn’t time-limited one-time codes. Instead, every employee at the company is issued a FIDO2-compliant security key from a vendor like YubiKey. Although the attackers siphoned the credentials, the hard key authentication requirement stopped them from snatching a soft token that fooled employees otherwise would have entered into the phishing site.
-
About The AllianceAlliance MembershipSpecifications
-
FIDO User Authentication
-
FIDO Device Onboard
-
FIDO CertificationsFind Certified ProductsFIDO Accredited LaboratoriesAdministrative
-
Discover FIDO
-
Latest Updates
More FIDO in the News
Take On Payments: FIDO Tightens Authentication’s Leash
This post from the blog Take On Payments, sponsored by the Retail Payments Risk Forum…
One World Identity: Open Sesame: Building Authentication Standards
Host Cameron D’Ambrosi joins FIDO Alliance Executive Director Brett McDowell to discuss the oft-foretold death…
The Wall Street Journal: Aetna Adds Behavior-Based Security to Customer Application
Insurance giant Aetna is rolling out a consumer mobile app that uses FIDO Authentication with…
