FYI - 2FA to be come mandatory for ARIN Online?

• Previous message (by thread): FYI - 2FA to be come mandatory for ARIN Online?
• Next message (by thread): FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Most services that implement 2FA using SMS and/or Email have been
compromised multiple times.

Services that implement 2FA using TOTP or even App-based Push Notifications
have not.

If someone has your ARIN login, and you use the same passwords on ARIN as
you do with your email provider, then they have access to your email
account. And they can impersonate you to ARIN using the emailed code.

Beckman

On Tue, 24 May 2022, Raymond Burkholder wrote:

> What about optional additional second factor of sending out an email with 
> digits to enter or a link to confirm login / some other critical operation?


---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman at angryox.com                                https://www.angryox.com/
---------------------------------------------------------------------------

• Previous message (by thread): FYI - 2FA to be come mandatory for ARIN Online?
• Next message (by thread): FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]