U2F for logins

My1 · May 6, 2018, 9:26pm

the Authy 2FA isnt bad, but U2F would be even better. with U2F one can use a hardware token (usually over USB) to sign in, and the best thing is that it’s almost impossible to do phishing U2Fs, because the browser has to be convinced that

a) the login is actually dash.cloudflare.com (or whatever domain selected)
b) the connection is HTTPS.

before anything works.

AppsON · July 4, 2018, 11:06am

This would be an extra level of security for Cloudflare, please consider this!

sazori · September 14, 2018, 9:56am

please introduce u2f this will be awesome

r1ch · November 21, 2018, 5:42pm

I would also like to see this, especially with the upcoming launch of Cloudflare Domains, there will be valuable assets in CF accounts now. U2F is phishing resistant and provides the highest level of security, something I think Cloudflare should be interested in

wipedata · December 1, 2018, 10:43am

I also recommend Cloudflare adding support for hardware 2FA tokens. Hardware devices like Yubikey is clearly more secure than Authy.

publicarray · December 3, 2018, 6:19am

I would like to add that since Cloudflare is not only a domain’s authoritative DNS, Cloudflare is also a domain registrar which will increase the damage a potential account takeover could do.

ryanm · December 12, 2018, 3:51pm

I’m thrilled to have TOTP for my second factor, but U2F/FIDO2 would be amazing and preferred.

mc12768 · December 13, 2018, 3:54am

Would love to see this. I have a YubiKey and am eager to use it with Cloudflare.

pawel · January 2, 2019, 3:20pm

+1; hardware keys are great security feature!

publicarray · January 15, 2019, 8:45pm

@cloonan do you know if anyone at Cloudflare who knows about the feature request and if anything is planned?

cloonan · January 15, 2019, 8:55pm

@publicarray, nothing that I can see planned, but this gets my vote!

My1 · January 15, 2019, 9:03pm

thanks a lot, also fun fact we are at 42 votes now, so this seems to be the answer to the question of life, the universe and everything, XD

chaz · January 15, 2019, 9:43pm

I would like to use Cloudflare as my domain registrar, but until it supports U2F I will not do so.

will.moreland · February 3, 2019, 2:27am

I’d love to be able to use my Yubikey to secure my Cloudflare login! <3

jamescallumyoung · February 26, 2019, 9:02pm

+1 Hardware keys are supported by a number of large platforms now and I’m surprised to see Cloudflare lagging behind.

jeff19 · February 27, 2019, 5:03am

Yes please. I’m here in part for DNSSEC and SSL handling… it’d be great to have FIDO2/U2F. Keep leading the industry in the right way

percival · March 11, 2019, 3:05pm

Tossing in my +1 for this. This is so much better that OTP both in terms of security and usability.

miloshavlicek · March 11, 2019, 3:58pm

+1 this is a future of secure logins

freitasm · March 12, 2019, 9:33pm

I use Authy (and have just about 80 2FA in that account) but also have a Yubikey and another 15 or so logins using it. I would like U2F support as well)

tekfused · March 25, 2019, 12:09am

I would love to see this feature!