the Authy 2FA isnt bad, but U2F would be even better. with U2F one can use a hardware token (usually over USB) to sign in, and the best thing is that it’s almost impossible to do phishing U2Fs, because the browser has to be convinced that
a) the login is actually dash.cloudflare.com (or whatever domain selected)
b) the connection is HTTPS.
before anything works.
This would be an extra level of security for Cloudflare, please consider this!
please introduce u2f this will be awesome
I would also like to see this, especially with the upcoming launch of Cloudflare Domains, there will be valuable assets in CF accounts now. U2F is phishing resistant and provides the highest level of security, something I think Cloudflare should be interested in
I also recommend Cloudflare adding support for hardware 2FA tokens. Hardware devices like Yubikey is clearly more secure than Authy.
I would like to add that since Cloudflare is not only a domain’s authoritative DNS, Cloudflare is also a domain registrar which will increase the damage a potential account takeover could do.
I’m thrilled to have TOTP for my second factor, but U2F/FIDO2 would be amazing and preferred.
Would love to see this. I have a YubiKey and am eager to use it with Cloudflare.
+1; hardware keys are great security feature!
@cloonan do you know if anyone at Cloudflare who knows about the feature request and if anything is planned?
@publicarray, nothing that I can see planned, but this gets my vote!
thanks a lot, also fun fact we are at 42 votes now, so this seems to be the answer to the question of life, the universe and everything, XD
I would like to use Cloudflare as my domain registrar, but until it supports U2F I will not do so.
I’d love to be able to use my Yubikey to secure my Cloudflare login! <3
+1 Hardware keys are supported by a number of large platforms now and I’m surprised to see Cloudflare lagging behind.
Yes please. I’m here in part for DNSSEC and SSL handling… it’d be great to have FIDO2/U2F. Keep leading the industry in the right way
Tossing in my +1 for this. This is so much better that OTP both in terms of security and usability.
+1 this is a future of secure logins
I use Authy (and have just about 80 2FA in that account) but also have a Yubikey and another 15 or so logins using it. I would like U2F support as well)
I would love to see this feature!