nanog mailing list archives

Re: FYI - 2FA to be come mandatory for ARIN Online?

From: Peter Beckman <beckman () angryox com>
Date: Fri, 27 May 2022 23:42:54 -0400

Most services that implement 2FA using SMS and/or Email have been
compromised multiple times.

Services that implement 2FA using TOTP or even App-based Push Notifications
have not.

If someone has your ARIN login, and you use the same passwords on ARIN as
you do with your email provider, then they have access to your email
account. And they can impersonate you to ARIN using the emailed code.

Beckman

On Tue, 24 May 2022, Raymond Burkholder wrote:

What about optional additional second factor of sending out an email withdigits to enter or a link to confirm login / some other critical operation?



---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman () angryox com                                https://www.angryox.com/
---------------------------------------------------------------------------

Current thread:

FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts John Curran (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Laura Smith via NANOG (May 24)
  - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Matt Harris (May 24)
  - Re: FYI - 2FA to be come mandatory for ARIN Online? niels=nanog (May 24)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? John Curran (May 24)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? Raymond Burkholder (May 24)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? Peter Beckman (May 27)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Alejandro Acosta (May 28)
  - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Randy Bush (May 28)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Jim Popovitch via NANOG (May 28)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts goemon--- via NANOG (May 28)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Owen DeLong via NANOG (May 28)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts tim () pelican org (May 30)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Robert Kisteleki (May 30)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Randy Bush (May 30)