2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

John Levine johnl at iecc.com
Tue Feb 26 03:13:46 UTC 2019

In article <24679.1551146531 at turing-police.cc.vt.edu> you write:
>So what registries/registrars are supporting 2FA that's better than SMS?

Opensrs does TOTP.  It's certainly not bulletproof, but it's tied to
your actual phone rather than the phone number.  (We careful folk put
our TOTP keys on a couple of our devices in case the phone dies or
gets lost.)  It's very easy to implement, it's an IETF open
specification, and there are lots of clients that support it.

FIDO keys (like Yubikey) also seem OK but I haven't looked at how hard
they are to implement.

More information about the NANOG mailing list