[ARIN-consult] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

Garfield, Nicholas nigarfield at verisign.com
Fri Jun 17 11:44:35 EDT 2022


Hello,
Verisign fully supports and encourages making 2FA a hard requirement for ARIN Online account access.  As such, Verisign’s preference is to require 2FA using ARIN Online’s existing options which includes support for compatible third-party mobile authenticators.  Due to the inherent weaknesses of SMS 2FA, this should only be used in the event all other third-party mobile authenticators are deemed unacceptable or not permitted for use due to country specific restrictions or the like. As ARIN is such a critical component of internet infrastructure, Verisign would recommend prioritizing the plans to support FIDO2 and would also recommend developing a cohesive plan to encourage and/or force users that do utilize SMS to migrate to the other two authentication methods.
--
Nick Garfield
Senior Network Engineer
Verisign, Inc






More information about the ARIN-consult mailing list