[ARIN-consult] SMS 2FA: Not as secure.....
ler at lerctr.org
Tue May 24 12:52:41 EDT 2022
In answer to the consult:
Once SMS-based two-factor authentication (2FA) is available for ARIN
Online, do you believe ARIN *should not* proceed with requiring 2FA
authentication (SMS-based or TOTP) for all ARIN Online accounts? If so,
SMS 2FA is subject to security flaws, interception, sim-card theft, etc.
I don't believe SMS 2FA is appropriate at all.
TOTP or FIDO should be the only methods, IMO.
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: ler at lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
More information about the ARIN-consult