ZeroTrust with Yubi Keys

Hi, I have a zero trust tunnel setup to my home with various applications. The method to login is that it emails me a code I enter.. This works great, but I need to setup a way to get access that's secure in case I don't have access to my emails. This scenario happened to me recently... I needed access to my iCloud as I had smashed my iPhone and Apple wouldn't let me have a new phone that day unless I could disable the "Find my iPhone" feature. I don't know any of my passwords as I use a password manager and so couldn't get access to my emails as my phone was shashed and and thus couldn't get past Zero Trust tog t to my password manager which I won't put public facing. So, as I carry my YubiKeys everywhere I would like to setup a second method where I can use my YubiKeys a secondary option which would allow me in without email access but also keeping email me a code as an option in case I forgot my Yubikeys (good secure methods for both scenarios). So is it possible to setup Yubikeys as another options because I cannot see how to get it working. Everything I read tells me to add MFA but this doesn't work. It still presents me with a form to add my email address but doesn't email me anything. Thanks for your help.
3 Replies
TheCableGuy96
TheCableGuy96OP7mo ago
sorry but what is an idp? okay external identity provider.... but isn't my yubikey exactly that? it verifies against their servers hello?
Cyb3r-Jak3
Cyb3r-Jak37mo ago
Cloudflare does not offer a build in way to use Yuibikeys to verify, which is why you need an external IDP for it.
TheCableGuy96
TheCableGuy96OP7mo ago
If I used an IDP I'd still need to login there so just adding an extra step without fixing the issue. So I suppose, what's the most secure way of logging in to Zero Trust if you have no access to your emails? Password only? I worry about using that with Brute Force. I know CF will have protection for that I just don't see it as amazingly secure. thats a better option then. So can you recommend a good one? preferrably free? okay i'll check those out, thank you!
Want results from more Discord servers?
Add your server