[ARIN-consult] ACSP Consultation: Advanced Security Features for ARIN Online
Matthew Wilder
Matthew.Wilder at telus.com
Thu Apr 16 14:39:17 EDT 2020
On Thu, Apr 16, 2020 at 11:31 PM Gary Buhrmaster <gary.buhrmaster at gmail.com> wrote:
> > Requiring the use of Two-factor Authentication (2FA) on all accounts,
> > or allowing Admin Points of Contact (POCs) to control permissions on
> > access to their Organization Records to only allow access from
> > associated POCs who have 2FA on their user accounts
> An org's admin should have the discretion to determine their orgs specific
> requirements. There is no one size that fits all. That might include the
> ability for a poc associated with the account to change a password via
> SMS, although if a poc is shared between orgs I can see some interesting
> cases and opportunities.
As the requestor of this feature, your description is more precisely what I
intended than what I managed to say. The idea is that some organizations with
multiple POCs may want to have some means of ensuring that all POCs associated
with their organization meet a required security level. This was not meant to
be prescriptive across the board, but to present an option at an OrgID level.
To be extra extra clear, I am in full agreement with Adam's opinion:
"I'm OK with "encourage", but not "require".
That's the idea I was really shooting for.
Cheers!
Matthew Wilder
_______________________________________________
ARIN-Consult
You are receiving this message because you are subscribed to the ARIN Consult Mailing List (ARIN-consult at arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services Help Desk at info at arin.net if you experience any issues.
More information about the ARIN-consult
mailing list