2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
John Levine
johnl at iecc.com
Tue Feb 26 03:13:46 UTC 2019
In article <24679.1551146531 at turing-police.cc.vt.edu> you write:
>So what registries/registrars are supporting 2FA that's better than SMS?
Opensrs does TOTP. It's certainly not bulletproof, but it's tied to
your actual phone rather than the phone number. (We careful folk put
our TOTP keys on a couple of our devices in case the phone dies or
gets lost.) It's very easy to implement, it's an IETF open
specification, and there are lots of clients that support it.
FIDO keys (like Yubikey) also seem OK but I haven't looked at how hard
they are to implement.
More information about the NANOG
mailing list