[ARIN-consult] increasing 2FA take-up
Scott Leibrand
scottleibrand at gmail.com
Wed May 25 11:58:08 EDT 2022
You currently have:
>
> 1. Open your third-party authenticator application. Choose one of the
> following:
>
>
> - Enter the 16-character key that is displayed in ARIN Online into
> your authenticator application; or
> - Choose Show QR Code and scan the code with your authenticator
> application.
>
> You could add a section near there with usability tips. It should point
out the possibility and extra convenience of putting the TOTP into password
managers like 1Password and BitWarden, and for those not doing so, provide
some guidance on how to ensure that your third-party authenticator
application allows you to store your TOTP on more than one device (or
otherwise back it up). It would also be useful to link to another page
(written by ARIN or by the maker of each password manager) with
per-application instructions (likely with screenshots) of how to add the
TOTP to the password manager. It's not ARIN's job to directly support
third-party authenticator applications, but IMO there is a best-practices
gap that ARIN could fill here.
-Scott
On Wed, May 25, 2022 at 8:44 AM John Curran <jcurran at arin.net> wrote:
>
>
> On 25 May 2022, at 11:40 AM, Scott Leibrand <scottleibrand at gmail.com>
> wrote:
>
> Putting TOTP in 1Password makes login far more convenient than SMS 2FA,
> and almost as convenient as password-only, even for shared accounts.
>
> ARIN should probably provide instructions for how to add your TOTP to
> 1Password (and any other password managers that support that workflow),
> because it's not a very intuitive enrollment experience.
>
>
> Scott -
>
> Instructions for adding 2FA via TOTP are available here (this is what all
> of the ARIN 2FA documentation points to) –
> https://www.arin.net/reference/materials/security/twofactor/
>
> Do you have any suggestions for improvement?
>
> Thanks!
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220525/c1bc983c/attachment.htm>
More information about the ARIN-consult
mailing list