[ARIN-consult] 2FA TOTP Required: I support

Peter Beckman beckman at angryox.com
Tue May 24 18:49:21 EDT 2022

I'm writing in support of moving away from Two-Factor Authentication by SMS
to Two-Factor Authentication by TOTP (application-based).

I run a phone company and changing SMS routing without changing the Voice
routing is far to easy and lacking enough controls and notifications about
such changes, which puts SMS OTP at risk for abuse and theft.

While TOTP may not be as secure as a physical token, it is harder to steal,
only good for 30 seconds, and does not transit any 3rd party network (such
as with SMS) that can be externally intercepted.

I strongly believe that TFA should be required, for ARIN as well as most
any web service that authenticates users.

Peter Beckman                                                  Internet Guy
beckman at angryox.com                                https://www.angryox.com/

More information about the ARIN-consult mailing list