[ARIN-consult] increasing 2FA take-up

Ross Tajvar ross at tajvar.io
Wed May 25 11:45:35 EDT 2022 

Just to add to this, I use BitWarden and it supports TOTP as well. It's a
single extra click (or ctrl+V) to get the OTP.
[image: image.png]

On Wed, May 25, 2022 at 11:41 AM Scott Leibrand <scottleibrand at gmail.com>
wrote:

> Putting TOTP in 1Password makes login far more convenient than SMS 2FA,
> and almost as convenient as password-only, even for shared accounts.
>
> ARIN should probably provide instructions for how to add your TOTP to
> 1Password (and any other password managers that support that workflow),
> because it's not a very intuitive enrollment experience.
>
> We could also make 2FA only mandatory for activities that change resource
> control (outbound transfers, reassignments, etc.)...
>
> -Scott
>
> On Wed, May 25, 2022 at 8:21 AM Richard Laager <rlaager at wiktel.com> wrote:
>
>> You can put your TOTP in something like 1Password.
>>
>> --
>> Richard
>>
>> On May 25, 2022, at 09:46, Adam Thompson <athompso at athompso.net> wrote:
>>
>> 
>> I have not enabled 2FA.
>>
>> TOTP lies at the unfortunate confluence of vendor misfeatures and
>> organizational policies that render it not durable or resilient in the face
>> of mobile device failure (which seems to happen to me a LOT more often than
>> normal).  Possibly I don't know something about our approved
>> authenticator apps that might solve the problem, but last time I checked,
>> it was a no-go for me.
>>
>> I've instead opted to use a long, randomly-generated password that I can
>> store in ways that are both secure and durable/resilient.
>>
>> -Adam
>>
>> Get Outlook for Android <https://aka.ms/AAb9ysg>
>> ------------------------------
>> *From:* ARIN-consult <arin-consult-bounces at arin.net> on behalf of Bram
>> Abramson <bda at bazu.org>
>> *Sent:* Wednesday, May 25, 2022 9:26:59 AM
>> *To:* ARIN-consult <arin-consult at arin.net>
>> *Subject:* [ARIN-consult] increasing 2FA take-up
>>
>>
>> All,
>>
>> The current consultation is about rendering SMS a 2FA option, then making
>> 2FA mandatory. But it also notes that TOTP 2FA has been available since
>> 2015 with a 3.2 percent take-up.
>>
>> Optional 2FA is perhaps inevitably doomed to low take-up, but I it’s
>> likely worth documenting any learnings from the implementation thus far, on
>> the way to that 3.2 percent take-up:
>>
>>    -
>>
>>    Have most folks involved in this discussion already activated 2FA
>>    (are we preaching to the converted)? If not — why has it made sense for you
>>    not to?
>>    -
>>
>>    Do we think most of the broader community is aware of the 2FA
>>    opportunity — and are there thoughts, UX or otherwise, on why the crushing
>>    majority of folks haven’t availed themselves of it?
>>
>> Thanks, and cheers,
>> ------------------------------
>>
>> Bram Abramson
>> bda at bazu.org / @bramabramson
>> _______________________________________________
>> ARIN-Consult
>> You are receiving this message because you are subscribed to the ARIN
>> Consult Mailing
>> List (ARIN-consult at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-consult Please contact the
>> ARIN Member Services
>> Help Desk at info at arin.net if you experience any issues.
>>
>> _______________________________________________
>> ARIN-Consult
>> You are receiving this message because you are subscribed to the ARIN
>> Consult Mailing
>> List (ARIN-consult at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-consult Please contact the
>> ARIN Member Services
>> Help Desk at info at arin.net if you experience any issues.
>>
> _______________________________________________
> ARIN-Consult
> You are receiving this message because you are subscribed to the ARIN
> Consult Mailing
> List (ARIN-consult at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-consult Please contact the
> ARIN Member Services
> Help Desk at info at arin.net if you experience any issues.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220525/a337de53/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 5721 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220525/a337de53/attachment.png>

More information about the ARIN-consult mailing list