nanog mailing list archives

Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

From: Owen DeLong via NANOG <nanog () nanog org>
Date: Sat, 28 May 2022 22:04:56 -0700

I use google auth for several forced 2FA sites and a few sites where what I am protecting is worth the hassle. One 
difficulty that quickly emerges is managing and finding the correct Totp in the long unsorted list. 

It’s no big deal when you have 6 or even 10, but as it approaches 100 different totp strings, it does become a hassle. 

2FA is great where it makes sense, but contrary to the rhetoric here, it is not without trade offs. 

Owen

On May 28, 2022, at 16:24, goemon--- via NANOG <nanog () nanog org> wrote:

On Sat, 28 May 2022, Jim Popovitch via NANOG wrote:

On Sat, 2022-05-28 at 11:36 -0700, Randy Bush wrote:

  I am not in the ARIN region but I have attended few Arin meetings.
  As a comment, I live a country were mobile roaming does not
exists,
therefore, when 2FA only works with SMS I can not use the service.
Having
said that, please consider at least one more way to perform 2FA,
maybe send
a code to the email address or something else.

i use google authenticator with arin.net

There's also the RedHat supported app FreeOTP.


There are lots of inexpensive hardware TOTP tokens as well.

Personally when I have to 2fa where sms is not possible, I use a token2 molto-1.

-Dan

Current thread:

Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts, (continued)
- - - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Royce Williams (May 27)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts John Curran (May 28)
  - Re: FYI - 2FA to be come mandatory for ARIN Online? niels=nanog (May 24)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? John Curran (May 24)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? Raymond Burkholder (May 24)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? Peter Beckman (May 27)
- Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Alejandro Acosta (May 28)
  - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Randy Bush (May 28)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Jim Popovitch via NANOG (May 28)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts goemon--- via NANOG (May 28)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Owen DeLong via NANOG (May 28)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts tim () pelican org (May 30)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Robert Kisteleki (May 30)
    - Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts Randy Bush (May 30)