FYI - 2FA to be come mandatory for ARIN Online?

Peter Beckman beckman at
Sat May 28 03:42:54 UTC 2022

Most services that implement 2FA using SMS and/or Email have been
compromised multiple times.

Services that implement 2FA using TOTP or even App-based Push Notifications
have not.

If someone has your ARIN login, and you use the same passwords on ARIN as
you do with your email provider, then they have access to your email
account. And they can impersonate you to ARIN using the emailed code.


On Tue, 24 May 2022, Raymond Burkholder wrote:

> What about optional additional second factor of sending out an email with 
> digits to enter or a link to confirm login / some other critical operation?

Peter Beckman                                                  Internet Guy
beckman at                      

More information about the NANOG mailing list