/plushcap/analysis/cloudflare/how-cloudflare-implemented-fido2-and-zero-trust

How Cloudflare implemented hardware keys with FIDO2 and Zero Trust to prevent phishing

What's this blog post about?

Cloudflare has transitioned from a traditional "castle and moat" VPN architecture to a more secure multi-factor authentication (MFA) protocol called FIDO2/WebAuthn for its employees. The company now uses hardware security keys, such as YubiKeys, which implement the FIDO standards, making their system phishing-resistant. Cloudflare has also migrated all of its applications and servers to Zero Trust access proxy, allowing secure access to internal sites using security keys. This move has improved role-based access control and enforced the principle of least privilege. The company is now working on integrating security keys with SSH connections for a unified approach to identity and access management.

Company
Cloudflare

Date published
Sept. 29, 2022

Author(s)
Evan Johnson, Derek Pitts

Word count
1643

Language
English

Hacker News points
6


By Matt Makai. 2021-2024.