Cloudflare has made significant improvements in multi-factor authentication (MFA) adoption since signing the Cybersecurity and Infrastructure Security Agency (CISA) Secure By Design pledge in May 2024. The company has introduced support for social logins with Apple and Google, which provides a seamless and robust layer of security, and automatically detects and notifies users who are using known, leaked passwords. Cloudflare also encourages every user to enable at least one additional authentication factor to better protect their account. The most effective defense against evolving threats is MFA, which can block 99.9% of automated attacks, reducing the risk of unauthorized access even if credentials are compromised. Users on Cloudflare are protected by the built-in challenge system, and the company supports multiple MFA methods, including phishing-resistant security keys, hardware keys, and Time-Based One-Time passwords using mobile authenticator apps.