FYI - 2FA to be come mandatory for ARIN Online?
Peter Beckman
beckman at angryox.com
Sat May 28 03:42:54 UTC 2022
Most services that implement 2FA using SMS and/or Email have been
compromised multiple times.
Services that implement 2FA using TOTP or even App-based Push Notifications
have not.
If someone has your ARIN login, and you use the same passwords on ARIN as
you do with your email provider, then they have access to your email
account. And they can impersonate you to ARIN using the emailed code.
Beckman
On Tue, 24 May 2022, Raymond Burkholder wrote:
> What about optional additional second factor of sending out an email with
> digits to enter or a link to confirm login / some other critical operation?
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman at angryox.com https://www.angryox.com/
---------------------------------------------------------------------------
More information about the NANOG
mailing list