[ARIN-consult] Security considerations: forcing 2fa for other users

Matt Harris matt at netfire.net
Mon May 11 15:05:04 EDT 2020


Hey folks,
I've been using ARIN's website with 2fa for some time and it's worked
flawlessly. Bravo on getting that going and helping me be more secure about
managing some of my organization's most critical resources.

The fourth point on the document however is something I've brought up
previously with ARIN and is something I'd very much like to see
implemented. Many of us are in situations where less technical members of
our organizations must have access to our ARIN resources and simply telling
them to enable 2fa may or may not be enough. Being able to require that any
account which has access to manage our resources would be a great security
benefit for many organizations, and of course it should be an opt-in
feature for resource managers within a given organization.

One other issue I'd like to bring up is ARIN IRR management. If a web UI
could be developed and subsequently locked behind 2factor, that would imho
be preferable to the current system which as far as I'm aware, cannot be
locked behind 2fa.

Take care,
Matt

Matt Harris|Infrastructure Lead Engineer
816-256-5446|Direct
Looking for something?
Helpdesk Portal|Email Support|Billing Portal
We build and deliver end-to-end IT solutions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20200511/22a15d70/attachment.htm>


More information about the ARIN-consult mailing list