[ARIN-consult] Security considerations: forcing 2fa for other users

Adam Thompson athompso at athompso.net
Mon May 11 15:31:29 EDT 2020 

The logical extension of Matt's comments mirror something I've said
before... if there are people who are unable to manage 2FA for whatever
reason (disability, technical, legal, who knows!) then there exists a
subset of those people will also be responsible for IRR data.  I am one
of those unicorns.  2FA (in its current state) is mostly a no-go for me,
yet I maintain IRR data. 

Having 2FA as an option for all the people who CAN use it is great, but
please don't force it on anyone.  Ever. 

I believe an IRR webui is already under development and nearing release.


-Adam 

On 2020-05-11 14:05, Matt Harris wrote:

> Hey folks, 
> I've been using ARIN's website with 2fa for some time and it's worked flawlessly. Bravo on getting that going and helping me be more secure about managing some of my organization's most critical resources.  
> 
> The fourth point on the document however is something I've brought up previously with ARIN and is something I'd very much like to see implemented. Many of us are in situations where less technical members of our organizations must have access to our ARIN resources and simply telling them to enable 2fa may or may not be enough. Being able to require that any account which has access to manage our resources would be a great security benefit for many organizations, and of course it should be an opt-in feature for resource managers within a given organization.  
> 
> One other issue I'd like to bring up is ARIN IRR management. If a web UI could be developed and subsequently locked behind 2factor, that would imho be preferable to the current system which as far as I'm aware, cannot be locked behind 2fa.  
> 
> Take care, 
> Matt 
> 
> Matt Harris​
> 
> |
> 
> Infrastructure Lead Engineer
> 
> 816‑256‑5446
> 
> |
> 
> Direct
> 
> Looking for something?
> 
> Helpdesk Portal [1]
> 
> |
> 
> Email Support
> 
> |
> 
> Billing Portal [2]
> 
> We build and deliver end‑to‑end IT solutions.
> 
> _______________________________________________
> ARIN-Consult
> You are receiving this message because you are subscribed to the ARIN Consult Mailing
> List (ARIN-consult at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services
> Help Desk at info at arin.net if you experience any issues.

 

Links:
------
[1] https://help.netfire.net/
[2] https://my.netfire.net/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20200511/1969872c/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blocked.gif
Type: image/gif
Size: 118 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20200511/1969872c/attachment-0001.gif>

More information about the ARIN-consult mailing list