[ARIN-consult] increasing 2FA take-up
Adam Thompson
athompso at athompso.net
Wed May 25 12:25:19 EDT 2022
Given that I'd never seen that page before, and I thought I'd read every page on the ARIN website at least once, I repeat my earlier assertion that an education campaign will be necessary if 2FA becomes mandatory.
I'm also concerned about language on that page that says the Recovery Code is the *only* way to regain access to the account. That is unacceptable in at least a couple of trivial scenarios (fired, died, fire, disaster, corrupted TOTP software, etc.).
-Adam
Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: ARIN-consult <arin-consult-bounces at arin.net> on behalf of John Curran <jcurran at arin.net>
Sent: Wednesday, May 25, 2022 10:44:39 AM
To: Scott Leibrand <scottleibrand at gmail.com>
Cc: ARIN-consult <arin-consult at arin.net>
Subject: Re: [ARIN-consult] increasing 2FA take-up
On 25 May 2022, at 11:40 AM, Scott Leibrand <scottleibrand at gmail.com<mailto:scottleibrand at gmail.com>> wrote:
Putting TOTP in 1Password makes login far more convenient than SMS 2FA, and almost as convenient as password-only, even for shared accounts.
ARIN should probably provide instructions for how to add your TOTP to 1Password (and any other password managers that support that workflow), because it's not a very intuitive enrollment experience.
Scott -
Instructions for adding 2FA via TOTP are available here (this is what all of the ARIN 2FA documentation points to) – https://www.arin.net/reference/materials/security/twofactor/
Do you have any suggestions for improvement?
Thanks!
/John
John Curran
President and CEO
American Registry for Internet Numbers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220525/f646188a/attachment.htm>
More information about the ARIN-consult
mailing list