FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

Owen DeLong owen at
Sun May 29 05:04:56 UTC 2022

I use google auth for several forced 2FA sites and a few sites where what I am protecting is worth the hassle. One difficulty that quickly emerges is managing and finding the correct Totp in the long unsorted list. 

It’s no big deal when you have 6 or even 10, but as it approaches 100 different totp strings, it does become a hassle. 

2FA is great where it makes sense, but contrary to the rhetoric here, it is not without trade offs. 


> On May 28, 2022, at 16:24, goemon--- via NANOG <nanog at> wrote:
> On Sat, 28 May 2022, Jim Popovitch via NANOG wrote:
>> On Sat, 2022-05-28 at 11:36 -0700, Randy Bush wrote:
>>>>   I am not in the ARIN region but I have attended few Arin meetings.
>>>>   As a comment, I live a country were mobile roaming does not
>>>> exists,
>>>> therefore, when 2FA only works with SMS I can not use the service.
>>>> Having
>>>> said that, please consider at least one more way to perform 2FA,
>>>> maybe send
>>>> a code to the email address or something else.
>>> i use google authenticator with
>> There's also the RedHat supported app FreeOTP.
> There are lots of inexpensive hardware TOTP tokens as well.
> Personally when I have to 2fa where sms is not possible, I use a token2 molto-1.
> -Dan

More information about the NANOG mailing list