nanog mailing list archives

Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking


From: Rubens Kuhl <rubensk () gmail com>
Date: Tue, 26 Feb 2019 00:20:10 -0300

On Tue, Feb 26, 2019 at 12:14 AM John Levine <johnl () iecc com> wrote:

> In article <24679.1551146531 () turing-police cc vt edu> you write:
>> So what registries/registrars are supporting 2FA that's better than SMS?
>
> Opensrs does TOTP.  It's certainly not bulletproof, but it's tied to
> your actual phone rather than the phone number.  (We careful folk put
> our TOTP keys on a couple of our devices in case the phone dies or
> gets lost.)  It's very easy to implement, it's an IETF open
> specification, and there are lots of clients that support it.
>
> FIDO keys (like Yubikey) also seem OK but I haven't looked at how hard
> they are to implement.


https://twofactorauth.org/#domains gives a good view of the domain
management landscape regarding 2FA.


Rubens
