Thanks Cloudflare, you just made your platform less secure

I have now removed 2 factor authentication simply because you refuse to remember my computer and force a new login with a new code every single time I want to login.

Thanks for making my account and your platform less secure.

Stupid is how stupid does :slight_smile:

Why do you blame Cloudflare for something you have done?
Instead of asking why they ask so often for 2FA verification, or asking to not ask so often for 2FA verification you just took an action, and now you are complaining.

I also think they ask often for 2FA authentication, but tbh … if someone hacks my computer they would have free access to Cloudflare if they hack a remembered/trusted computer, but not if Cloudflare asks for 2FA every time. The more often they ask the more secure it gets. If you are to lazy and don’t want to validate your account with 2FA when you log in (every time), then don’t set it up in the first place.

Security comes at a cost. If it’s too easy, it’s not secure.

2 Likes

Here’s why Cloudflare made your account more secure:

4 Likes

This post was flagged by the community and is temporarily hidden.

Actually it is. You just don’t like it. That’s something completely different, please realize this.
Your opinion will not change a security level :slight_smile:
Security is based on facts, not opinions.

2 Likes

Yes and no; but when you create security that is so annoying that the consequence is that people ignore it, like in this case; then it’s no longer more secure, it’s less secure.

It’s quite obvious, and it’s human nature. The more complicated you make something for the user, the more they will work to simplify it. It’s what the world is about, it’s literally what your entire life is about, “How can I make my life simpler, because in my head, a simple life is a happy life”. Every invention ever made, including CloudFlare, is made to simplify.

If you double the police force, but the consequence is that 75% of them now sit inside and drink coffee instead of patrolling the streets. Have you then made the world more secure? No… You’ve created an illusion that the world is more secure, but in reality, you made it less secure.

Yes, facts are facts, and the fact is, the more complicated you make stuff, the more people will work to simplify it. If the consequence of CloudFlare’s security policy change is that people disable 2Factor, like I have now, and MANY others, then CloudFlare has in fact made their platform less secure, the fact that it’s more secure when people use it, doesn’t matter, if people don’t use it.

If you guys can’t see this simple fact; well… I really hope you’re not devs.

Once all 24 hours should not be too much.

Everyone does everything out of some motivations. Most people asking for strange reasons “lowering security standards” probably do this because they can not hack Cloudflare accounts.

Do not project your own character onto others. If you ignore it does not mean others do.

It is indeed to make it very complicated. But for hackers and people which will not do anything good. For all others incent customers/clients it’s just a very simple step (reading and typing 6 digits). That’s all what it needs to make your world way more secure.

You are actually, like I already said above, the one who think that his own opinion is a fact and who tries to turn around facts and to build alternative and wrong facts by just projecting his own opinion on others. For me that bullshit.

Storing that login in a session is nothing good and hopefully will never be implemented by Cloudflare. The reasons why are already liked by @sdayman here:

I am happy and thankful that Cloudflare is not proving something like “remember this device”.
… you are not, I can understand that. But this is not changing facts, nor is it important in terms of security, just in what you are willing to do for security. And looking all 24 hours on your phone should not be too much.

ALSO:
for me this discussion ends here :slight_smile:
Have a great and very secure day :+1:

2 Likes