Y Combinator alumni Authy has been in the spotlight recently: first it was highlighted at TwilioCon for its work in cloud security, and now today, it entered into a partnership with CloudFlare to provide the website security service with two-factor authentication.
If you’re not familiar with CloudFlare, it’s a service designed to protect websites from security threats while also decreasing their load times. Two years ago, it burst onto the scene at TechCrunch Disrupt in San Francisco and since then, it has been on an explosive growth streak. It has helped the US government formulate its Internet policy, among others, and its CEO, Matthew Prince is dead set on fixing what he calls the “broken Internet”.
Through CloudFlare, all site traffic would go through its network, including legitimate visitors, crawlers and bots, and those with malicious intent. The service then filters out the really good traffic and leads them to its protected website.
CloudFlare’s security compromised
But while this looks like a great service, it unfortunately is not without its challenges. Earlier this year, CloudFlare experienced a setback as hackers were able to access a customer account and modify their DNS records. It says that the attack was a result of “a compromise of Google’s account security procedures that allowed the hacker to eventually access [my] CloudFlare.com email addresses, which runs on Google Apps”. It appears that at the time, there was a failure in proper protection for the affected account and a solution needed to be implemented.
Is Authy here to save the day?
Enter Authy, the security service that provides two-factor authentication. After hearing about CloudFlare’s plight, founder Daniel Palacio contacted Prince to recommend his services to shore up its defenses. Having protected more than 15,000 accounts ranging from medical data to social networks, Authy says it brought to the table a platform that would provide better security for these services.
Two-factor authentication is an approach used by Google and others and requires users to pass at least two authentication layers. It’s more than just entering in your username and password. When enabled, a user would log in using their standard credentials, but then receive a text message or some other notification requiring an additional level of validation to prove that they really are who they say they are. Another way to think about it is when you go to the ATM: the first authentication is when you use your card; the second one is when you manually enter in your PIN.
With this partnership, Authy went ahead and created a new version that all their customers can use, complete with changes to their system. Many of these changes are in the back-end such as multi-region redundancy, automated time sync, and more. The company says that what’s important is that it now supports multiple branded tokens, each one containing a different key and set of permissions.
So for CloudFlare, users will have a secret key specific to their account and that will only work in that system.
Photo credit: pbkwee/Flickr