[ARIN-consult] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts
Garfield, Nicholas
nigarfield at verisign.com
Fri Jun 17 11:44:35 EDT 2022
Hello,
Verisign fully supports and encourages making 2FA a hard requirement for ARIN Online account access. As such, Verisign’s preference is to require 2FA using ARIN Online’s existing options which includes support for compatible third-party mobile authenticators. Due to the inherent weaknesses of SMS 2FA, this should only be used in the event all other third-party mobile authenticators are deemed unacceptable or not permitted for use due to country specific restrictions or the like. As ARIN is such a critical component of internet infrastructure, Verisign would recommend prioritizing the plans to support FIDO2 and would also recommend developing a cohesive plan to encourage and/or force users that do utilize SMS to migrate to the other two authentication methods.
--
Nick Garfield
Senior Network Engineer
Verisign, Inc
More information about the ARIN-consult
mailing list