Dear Cloudflare security team,
I want to address an issue regarding your partner site EZOIC. I have signed up on their website and they want to access my website’s DNS records for traffic analysis etc…
They are prompting me to enter my Cloudflare username and password. I’m not comfortable sharing my whole account just for the sake of one website verification. They will have access to all of my websites that are on Cloudflare.
The next big issue is that they are taking my credentials in plain text format. This is a big concern as well, Why not just login with the Cloudflare app and authorize only the concerned website?
As a security company and partner with them, Cloudflare should impose a strict security layer like in general, we log in with Google and any related services and we gave access to only concerned app and service.