nanog mailing list archives
Re: FYI - 2FA to be come mandatory for ARIN Online?
From: John Curran <jcurran () arin net>
Date: Tue, 24 May 2022 22:22:33 +0000
On 24 May 2022, at 4:39 PM, niels=nanog () bakker net wrote: * nanog () nanog org (Laura Smith via NANOG) [Tue 24 May 2022, 22:22 CEST]:Its 2022. Do we really still need a consultation on why mandatory 2FA is a good thing ? Even more so for something like ARIN ?To many of us in 2022 it's clear that SMS 2FA isn't necessarily a good way to protect critical infrastructure, but apparently ARIN does need a consultation for that
Niels - I can think of several reasons why "SMS 2FA isn't necessarily a good way to protect critical infrastructure”… Of course, there’s also the point that requiring 2FA for everyone – even if just SMS – would still be a superior state of affairs then the present condition (wherein 97% of ARIN Online users rely on just a password, and this despite 2FA via TOTP being available for ARIN Online accounts for years…) There could easily be some operational concerns resulting from making 2FA authentication mandatory of which we on the ARIN staff are not aware, so we conduct a consultation. Your voice can be part of that consultation, but again it’s taking place on arin-consult mailing list (open to all) – not here. Thanks! /John John Curran President and CEO American Registry for Internet Numbers
Current thread:
- FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts John Curran (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Laura Smith via NANOG (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Matt Harris (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Crist Clark (May 25)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Peter Beckman (May 27)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Royce Williams (May 27)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts John Curran (May 28)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Matt Harris (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Laura Smith via NANOG (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? John Curran (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? Raymond Burkholder (May 24)
- Re: FYI - 2FA to be come mandatory for ARIN Online? Peter Beckman (May 27)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Randy Bush (May 28)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Jim Popovitch via NANOG (May 28)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts goemon--- via NANOG (May 28)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Owen DeLong via NANOG (May 28)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts tim () pelican org (May 30)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Robert Kisteleki (May 30)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Randy Bush (May 30)