[ARIN-consult] SMS 2FA: Not as secure.....

Ross Tajvar ross at tajvar.io
Tue May 24 15:52:35 EDT 2022


I strongly agree with Larry. I have had money stolen from accounts
protected with SMS 2FA because it is not secure. I do not support
enablement of SMS 2FA at all, even as a second option. I *do* support
mandatory enforcement of TOTP or FIDO 2FA for all users, new or not.

-Ross

In answer to the consult:
> Once SMS-based two-factor authentication (2FA) is available for ARIN
> Online, do you believe ARIN *should not* proceed with requiring 2FA
> authentication (SMS-based or TOTP) for all ARIN Online accounts?  If so,
> why?
>
> SMS 2FA is subject to security flaws, interception, sim-card theft, etc.
> I don't believe SMS 2FA is appropriate at all.
>
> TOTP or FIDO should be the only methods, IMO.
>
>
> --
> Larry Rosenman                     http://www.lerctr.org/~ler
> Phone: +1 214-642-9640                 E-Mail: ler at lerctr.org <https://lists.arin.net/mailman/listinfo/arin-consult>
> US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220524/0925449f/attachment.htm>


More information about the ARIN-consult mailing list