[ARIN-consult] increasing 2FA take-up

Adam Thompson athompso at athompso.net
Wed May 25 12:25:19 EDT 2022

Given that I'd never seen that page before, and I thought I'd read every page on the ARIN website at least once, I repeat my earlier assertion that an education campaign will be necessary if 2FA becomes mandatory.

I'm also concerned about language on that page that says the Recovery Code is the *only* way to regain access to the account.  That is unacceptable in at least a couple of trivial scenarios (fired, died, fire, disaster, corrupted TOTP software, etc.).


Get Outlook for Android<https://aka.ms/AAb9ysg>
From: ARIN-consult <arin-consult-bounces at arin.net> on behalf of John Curran <jcurran at arin.net>
Sent: Wednesday, May 25, 2022 10:44:39 AM
To: Scott Leibrand <scottleibrand at gmail.com>
Cc: ARIN-consult <arin-consult at arin.net>
Subject: Re: [ARIN-consult] increasing 2FA take-up

On 25 May 2022, at 11:40 AM, Scott Leibrand <scottleibrand at gmail.com<mailto:scottleibrand at gmail.com>> wrote:

Putting TOTP in 1Password makes login far more convenient than SMS 2FA, and almost as convenient as password-only, even for shared accounts.

ARIN should probably provide instructions for how to add your TOTP to 1Password (and any other password managers that support that workflow), because it's not a very intuitive enrollment experience.

Scott -

Instructions for adding 2FA via TOTP are available here (this is what all of the ARIN 2FA documentation points to) – https://www.arin.net/reference/materials/security/twofactor/

Do you have any suggestions for improvement?


John Curran
President and CEO
American Registry for Internet Numbers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220525/f646188a/attachment.htm>

More information about the ARIN-consult mailing list