Cloudflare is not affected by the OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786
2022-11-02
Information on CVE-2022-3602 and CVE-2022-3786, and why Cloudflare was not impacted...
How Cloudflare implemented hardware keys with FIDO2 and Zero Trust to prevent phishing
2022-09-29
Adopting a phishing resistant second factor, like a YubiKey with FIDO2, is the number one way to prevent phishing attacks. Cloudflare has used phishing resistant second factors only since February 2021, and these were the steps we took to accomplish that....
The Cloudflare Bug Bounty program and Cloudflare Pages
2022-05-06
The Cloudflare Bug Bounty has resulted in numerous security improvements to Cloudflare Pages...
Securing Cloudflare Using Cloudflare
2022-03-18
Cloudflare is committed to bolstering our security posture with best-in-class solutions — which is why we often turn to our own products as any other Cloudflare customer would....
Dogfooding from Home: How Cloudflare Built our Cloud VPN Replacement
2020-03-28
Rewind to 2015. Back then, as with many other companies, all of Cloudflare’s internally-hosted applications were reached via a hardware-based VPN. ...
Public keys are not enough for SSH security
2019-10-25
If your organization uses SSH public keys, it’s entirely possible you have already lost one. There is a file sitting in a backup or on a former employees computer which grants the holder access to your infrastructure....
You can now use Google Authenticator and any TOTP app for Two-Factor Authentication
2017-02-16
Since the very beginning, Cloudflare has offered two-factor authentication with Authy, and starting today we are expanding your options to keep your account safe with Google Authenticator and any Time-based One Time Password (TOTP) app of your choice....