Subscribe to receive notifications of new posts:

Two-factor Authentication Now Available


3 min read

With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers' website security, but their account security as well. Therefore, we are excited to now offer two-factor authentication for all CloudFlare accounts.

With two-factor authentication, our customers' accounts get an added layer of login security, ultimately adding another layer of security to their websites. We've been working on this feature for a while, and we are happy to announce that it's ready and available to all CloudFlare customers.

To make this feature happen, we worked with Authy, a startup who loves security too. Authy provides an easy-to-use, powerful two-factor authentication service. Their mission is to turn everyone's cell phone into a secure token. The Authy app works with iOS and Android devices and we're providing it free to all CloudFlare account holders. Here's how it works.

Easy additional account security

To turn two-factor authentication on, you simply log into your CloudFlare account, navigate to "My account" and select "two-factor authentication with Authy."

Two-factor Authentication Now Available

Once there, you will enter your mobile phone information and select "enable two-factor authentication."

You will then receive a text message (your provider's standard text messaging rates will apply). The text message includes a link to download the Authy app. The Authy app will ask you to enter your your mobile phone number. It will then text you a setup pin that you need to enter into the Authy app.

Two-factor Authentication Now
Authentication Now

Once you receive your pin number via text, enter it into the Authy app. The Authy app will then be authorized and able to generate authentication tokens unique to your account. In the future, whenever you access your CloudFlare account you'll need three things: 1) your email address, 2) your password, and 3) your two-factor authentication token.

When you login to CloudFlare for the first time after enabling two-factor authentication, you will need to launch the Authy app on your phone. It will generate a unique, 7-digit authentication token. The authentication token is good for 30 seconds and then will change to a new token.

Two-factor Authentication Now Available

You can store your authentication for 14 days. If you login from an unrecognized device, or after your authentication expires, you'll need to open the Authy app and get your new authentication token for that device. The Authy app does not rely on you having network access, so you can retrieve your code even if your phone is not connected to the Internet.

If you ever lose your phone or get a new one you can reassociate your account by following the reset instructions on Authy's website.

You don't need to enable two-factor authentication in order to continue to use CloudFlare. However, we're providing it to all CloudFlare customers free and we recommend it for everyone who wants additional account security.

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Follow on X


Related posts

May 30, 2024 12:12 PM

Cloudflare acquires BastionZero to extend Zero Trust access to IT infrastructure

We’re excited to announce that BastionZero, a Zero Trust infrastructure access platform, has joined Cloudflare. This acquisition extends our Zero Trust Network Access (ZTNA) flows with native access management for infrastructure like servers, Kubernetes clusters, and databases...

April 12, 2024 1:00 PM

How we ensure Cloudflare customers aren't affected by Let's Encrypt's certificate chain change

Let’s Encrypt’s cross-signed chain will be expiring in September. This will affect legacy devices with outdated trust stores (Android versions 7.1.1 or older). To prevent this change from impacting customers, Cloudflare will shift Let’s Encrypt certificates upon renewal to use a different CA...