[ARIN-consult] increasing 2FA take-up

Adam Thompson athompso at athompso.net
Wed May 25 10:46:48 EDT 2022

I have not enabled 2FA.

TOTP lies at the unfortunate confluence of vendor misfeatures and organizational policies that render it not durable or resilient in the face of mobile device failure (which seems to happen to me a LOT more often than normal).  Possibly I don't know something about our approved authenticator apps that might solve the problem, but last time I checked, it was a no-go for me.

I've instead opted to use a long, randomly-generated password that I can store in ways that are both secure and durable/resilient.


Get Outlook for Android<https://aka.ms/AAb9ysg>
From: ARIN-consult <arin-consult-bounces at arin.net> on behalf of Bram Abramson <bda at bazu.org>
Sent: Wednesday, May 25, 2022 9:26:59 AM
To: ARIN-consult <arin-consult at arin.net>
Subject: [ARIN-consult] increasing 2FA take-up


The current consultation is about rendering SMS a 2FA option, then making 2FA mandatory. But it also notes that TOTP 2FA has been available since 2015 with a 3.2 percent take-up.

Optional 2FA is perhaps inevitably doomed to low take-up, but I it’s likely worth documenting any learnings from the implementation thus far, on the way to that 3.2 percent take-up:

  *   Have most folks involved in this discussion already activated 2FA (are we preaching to the converted)? If not — why has it made sense for you not to?

  *   Do we think most of the broader community is aware of the 2FA opportunity — and are there thoughts, UX or otherwise, on why the crushing majority of folks haven’t availed themselves of it?

Thanks, and cheers,


Bram Abramson
bda at bazu.org<mailto:bda at bazu.org> / @bramabramson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220525/1c810502/attachment-0001.htm>

More information about the ARIN-consult mailing list