Keeping our users safe

Cloudflare emphasizes the importance of account security and highlights that attackers often exploit weak credentials or credential theft to gain access. The company advises users to change their passwords promptly if they suspect unauthorized access, as reusing the same credentials across multiple sites can lead to account compromises even years after a breach has occurred. Malicious software such as browser extensions and phishing emails are also common methods used by attackers to steal sensitive data. Cloudflare stores user passwords using complex, salted hash algorithms and ensures that API keys are unique and stored in secure databases. The company is working on improving its API security with features like CAPTCHA protection for API keys and exploring options like scoped API keys and token types. Users can also take steps to enhance their account security by enabling two-factor authentication, regularly updating browser extensions, and being cautious when clicking links in emails.