With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers' website security, but their account security as well. Therefore, we are excited to now offer two-factor authentication for all CloudFlare accounts.
With two-factor authentication, our customers' accounts get an added layer of login security, ultimately adding another layer of security to their websites. We've been working on this feature for a while, and we are happy to announce that it's ready and available to all CloudFlare customers.
To make this feature happen, we worked with Authy, a startup who loves security too. Authy provides an easy-to-use, powerful two-factor authentication service. Their mission is to turn everyone's cell phone into a secure token. The Authy app works with iOS and Android devices and we're providing it free to all CloudFlare account holders. Here's how it works.
Easy additional account security
To turn two-factor authentication on, you simply log into your CloudFlare account, navigate to "My account" and select "two-factor authentication with Authy."
Once there, you will enter your mobile phone information and select "enable two-factor authentication."
You will then receive a text message (your provider's standard text messaging rates will apply). The text message includes a link to download the Authy app. The Authy app will ask you to enter your your mobile phone number. It will then text you a setup pin that you need to enter into the Authy app.
Once you receive your pin number via text, enter it into the Authy app. The Authy app will then be authorized and able to generate authentication tokens unique to your account. In the future, whenever you access your CloudFlare account you'll need three things: 1) your email address, 2) your password, and 3) your two-factor authentication token.
When you login to CloudFlare for the first time after enabling two-factor authentication, you will need to launch the Authy app on your phone. It will generate a unique, 7-digit authentication token. The authentication token is good for 30 seconds and then will change to a new token.
You can store your authentication for 14 days. If you login from an unrecognized device, or after your authentication expires, you'll need to open the Authy app and get your new authentication token for that device. The Authy app does not rely on you having network access, so you can retrieve your code even if your phone is not connected to the Internet.
If you ever lose your phone or get a new one you can reassociate your account by following the reset instructions on Authy's website.
You don't need to enable two-factor authentication in order to continue to use CloudFlare. However, we're providing it to all CloudFlare customers free and we recommend it for everyone who wants additional account security.