[ARIN-consult] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts
Mark Elkins
mje at posix.co.za
Wed May 25 04:06:20 EDT 2022
On 5/24/22 6:46 PM, ARIN wrote:
> **Background**
>
> In 2015, ARIN deployed a Time-Based One-Time password (TOTP) implementation of Two-Factor Authentication (2FA). Since the time of implementing that login security feature, 3.2 percent of ARIN Online users have opted to use 2FA with their accounts.

Years back, I added TOTP (time-based one-time password) to the front end
of my "Virtual Web" management system (I sell domains, etc.). The TOTP
app is easy to install on any modern mobile device (I use mOTP). I allow
the customer to configure their TOTP backend "OTP management" codes and
to also test that the TOTP works locally before enforcing it.

(the grey text above are prompts)

This is also combined with the ability to specify an access list made up
of multiple network blocks from where the OTP is not needed, that is,
some machines with static IPs on the person's home network. To enforce
OTP - just use an address such as 1.0.0.0/32 (or similar). This access
list is similar to some of the validation that EPP uses. The PHP code
was not too complicated. Using TOTP is free - no SMSes, etc.

One then has the best of both worlds - some secure locations from where
OTP is not required and the OTPs for other (transient) locations.

TOTP security is optional - so of course very few customers use it (1%
or so) - but it is there!

Education would be necessary. I provide the following...

--
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.826010496 <tel:+27826010496>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220525/31a3836a/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kbmdcmhlnngimhca.png
Type: image/png
Size: 10728 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220525/31a3836a/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mipgcaboncbcaodl.png
Type: image/png
Size: 82039 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220525/31a3836a/attachment-0003.png>
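
The scheme described in the message above (TOTP as a second factor, skipped for clients inside an access list of network blocks) can be sketched as follows. This is an added example in Python, not the poster's PHP code; it assumes RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits), treats an empty access list as "OTP always required", and all function names and addresses are hypothetical or constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

STEP, DIGITS = 30, 6  # assumed RFC 6238 defaults, not taken from the post

# Constructed sample data: RFC 6238 test key and documentation address ranges.
SECRET = b"12345678901234567890"
HOME = ["192.0.2.0/28", "2001:db8::/48"]  # blocks exempt from OTP
ENFORCE = ["1.0.0.0/32"]                  # the post's "enforce OTP" entry


def totp(secret: bytes, now: float) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 for the time step containing `now`."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def otp_required(client_ip: str, exempt_blocks: list[str]) -> bool:
    """True unless client_ip falls inside one of the exempt network blocks."""
    addr = ipaddress.ip_address(client_ip)
    for block in exempt_blocks:
        net = ipaddress.ip_network(block, strict=False)
        if addr.version == net.version and addr in net:
            return False
    return True  # assumption: an empty or non-matching list fails closed


def second_factor_ok(client_ip, exempt_blocks, secret, code, now, drift=1):
    """Run after the password check; accepts codes within +/- drift steps."""
    if not otp_required(client_ip, exempt_blocks):
        return True
    if code is None:
        return False
    return any(
        hmac.compare_digest(totp(secret, now + i * STEP).encode(), code.encode())
        for i in range(-drift, drift + 1)
    )


if __name__ == "__main__":
    print(second_factor_ok("198.51.100.7", HOME, SECRET, totp(SECRET, 59), 59))
```

The client address passed in has to be the connection's own peer address (or one set by a trusted proxy), because a client-supplied header would let any client claim an exempt address.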