While it is important to protect the user login credentials and so on it is not the Cloudflare responsibility to harden the security of accounts. The email-token system is working one in ten times, some of my accounts are inaccessible at all as I do not receive email confirmations.
I don’t suppose that I am the only person experiencing such problems on everyday basis. Please conduct a testing before you put that […] into production. I am sure the system should be disabled until it will be fit for a wild. As for the security architecture I am sure it is not useful at all.
The account access feature works for me every time, and for a company like Cloudflare likely went through many rounds of QA testing.
Try checking your spam/junk folders, whitelisting the Cloudflare domain on your mail server/mail provider, and contacting support about the issue, login to Cloudflare and then contact Cloudflare Support.
Of course I’ve checked the spam. Of course I’ve sent mail to suppport@. They unblock it for a while and then all repeat anew. I have muiltiple accounts and many of them are affected. I’ve always received the mail from CF without any obstacles.