The Cloudflare security team needed to rapidly address a phishing attack that attempted to harvest and then use Okta login credentials from employees. Though the attackers successfully stole credentials and attempted to log in, they could not overcome the security key login requirement of Cloudflare’s Zero Trust implementation.
Requiring FIDO2-compliant MFA, like security keys, as part of Zero Trust access policies for all users and apps can strengthen the barrier against multichannel phishing attacks.