nanog mailing list archives
Re: FYI - 2FA to be come mandatory for ARIN Online?
From: Peter Beckman <beckman () angryox com>
Date: Fri, 27 May 2022 23:42:54 -0400
Most services that implement 2FA using SMS and/or Email have been compromised multiple times. Services that implement 2FA using TOTP or even App-based Push Notifications have not. If someone has your ARIN login, and you use the same passwords on ARIN as you do with your email provider, then they have access to your email account. And they can impersonate you to ARIN using the emailed code. Beckman On Tue, 24 May 2022, Raymond Burkholder wrote:
What about optional additional second factor of sending out an email with digits to enter or a link to confirm login / some other critical operation?
--------------------------------------------------------------------------- Peter Beckman Internet Guy beckman () angryox com https://www.angryox.com/ ---------------------------------------------------------------------------
Current thread:
- FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts John Curran (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Laura Smith via NANOG (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Matt Harris (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Crist Clark (May 25)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Peter Beckman (May 27)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Royce Williams (May 27)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts John Curran (May 28)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Matt Harris (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Laura Smith via NANOG (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? John Curran (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? Raymond Burkholder (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? Peter Beckman (May 27)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Randy Bush (May 28)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Jim Popovitch via NANOG (May 28)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts goemon--- via NANOG (May 28)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Owen DeLong via NANOG (May 28)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts tim () pelican org (May 30)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Robert Kisteleki (May 30)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Randy Bush (May 30)