[ARIN-consult] Consultation on Password Security for ARIN Online Accounts

Rob Seastrom rs at seastrom.com
Tue Feb 16 17:56:05 EST 2021


TOTP is "OK but not ascendant".  The RFC is 10 years old; the technology has roots that are much older (HOTP).  There are better things now.

It is still way way way better than "no 2FA", but if we are going to go from optional to required, we might want to consider a recalibration.  Job submitted this through the ACSP process less than a month ago:
https://www.arin.net/participate/community/acsp/suggestions/2021/2021-2/ <https://www.arin.net/participate/community/acsp/suggestions/2021/2021-2/>

-r


> On Feb 16, 2021, at 4:30 PM, Heather Schiller via ARIN-consult <arin-consult at arin.net> wrote:
> 
> 2FA like this? https://www.arin.net/reference/materials/security/twofactor/ <https://www.arin.net/reference/materials/security/twofactor/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20210216/9be33111/attachment.htm>


More information about the ARIN-consult mailing list