The effectiveness of hardware-based MFA keys was brought to light as both Twilio and Cloudflare were targeted with sophisticated phishing attacks, but only the latter prevented a full attack thanks to the company-wide use of FIDO keys in addition to MFA security prompts.