these are the top 2:
- someone fraudulently registered my email to takeover DNS of a domain I own
- thankfully, I was able to claim the account (since the verification emails were coming to me), enable 2FA, and remove the domain from their DNS
- Cloudflare's response was to let the ticket languish and die in Tier1, and then, when I reopened it with their fraud team, was to say, "No one could change your domain's DNS because you were getting the confirmation emails"
- IOW, "we don't care someone was trying to commit fraud – you weren't hurt, so it doesn't matter"
- they block access to LOTS of sites if you access them via proxy or VPN
September 17, 2019 at 12:56PM
via reddit https://www.reddit.com/r/security/comments/c7x88j/best_security_for_the_less_techsecurity_savvy/f0m8p33?utm_source=ifttt