Re: Am I missing something ?
You *are*, because Google Authenticator would *not* have stopped this dead. That's the point that Cloudflare is making:
It's precisely because Cloudflare *weren't* using something like Google Authenticator and rather something like YubiKey (set up to check that the request came from somewhere legit, which Google Authenticator *DOES*. *NOT. *DO*), that the attack was thwarted.
Would help if you read the technical details of the attack *carefully*, or you look like an ass. You *do* have a point about corporates yammering on about 'the bad hackers' when security could be done properly.