[ARIN-consult] SMS 2FA: Not as secure.....

Larry Rosenman ler at lerctr.org
Tue May 24 12:52:41 EDT 2022


In answer to the consult:
Once SMS-based two-factor authentication (2FA) is available for ARIN 
Online, do you believe ARIN *should not* proceed with requiring 2FA 
authentication (SMS-based or TOTP) for all ARIN Online accounts?  If so, 
why?

SMS 2FA is subject to security flaws, interception, sim-card theft, etc.
I don't believe SMS 2FA is appropriate at all.

TOTP or FIDO should be the only methods, IMO.


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: ler at lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106


More information about the ARIN-consult mailing list