[ARIN-consult] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts
Gert Doering
gert at space.net
Wed May 25 14:16:55 EDT 2022
Hi,
On Wed, May 25, 2022 at 11:41:14AM -0400, Ross Tajvar wrote:
> > I remain unconvinced that inflicting 2FA on me solves a real problem that
> > actually exists.
>
> I'm not sure why you (and others) seem to think 2FA is so incredibly
> inconvenient. In my experience, it only takes a few extra seconds, or a few
> extra clicks/taps depending on how it's set up. The added overhead really
> is very small.
I'm generally in favour of 2FA.
But then... last week, RIPE meeting in Berlin, with physical presence
there. Tried to log into the RIPE access system, only to discover that
The Device that has *this particular* 2FA token was left at home.
A few months before, trying to go to Teams for a customer that required
"set up 2FA initially" for that account - and then turned it on for
"must use 2FA once a week". Yeah, no big deal. 2FA token was on an
Android device that was decommissioned because "old and half broken",
and of course, Android-to-Android "new phone!" transfers don't do that.
Do I have a Yubikey? Yes, of course. Do I not use it for all I should?
Yes, because I carry around enough stuff with me...
Just anecdotes, and me having not enough foresight? Of course.
But 2FA is not "just a few moments and then it won't bother you
anymore, ever".
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
More information about the ARIN-consult
mailing list