[ARIN-consult] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts
athompson at merlin.mb.ca
Wed May 25 17:08:55 EDT 2022
FWIW, I've had both scenarios happen to me within the last 2 years. Many SMS-based 2FA systems suddenly broke on one of those occasions, for obvious reasons. Both involved phones and phone numbers not under my direct control, i.e. corporate.
Consultant, Infrastructure Services
100 - 135 Innovation Drive
Winnipeg, MB R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
Chat with me on Teams: athompson at merlin.mb.ca
> -----Original Message-----
> From: ARIN-consult <arin-consult-bounces at arin.net> On Behalf Of John
> Sent: Wednesday, May 25, 2022 1:30 PM
> To: Gert Doering <gert at space.net>
> Cc: <arin-consult at arin.net> <arin-consult at arin.net>
> Subject: Re: [ARIN-consult] Consultation on Requiring Two-Factor
> Authentication (2FA) for ARIN Online Accounts
> Gert –
> Just curious - on those occasions where you were now on a new device,
> were you still receiving SMS messages on the same number?
> (i.e., if you had been using password and SMS 2FA instead, would you
> have been equally out of luck?)
> John Curran
> President and CEO
> American Registry for Internet Numbers
> > On 25 May 2022, at 2:16 PM, Gert Doering <gert at space.net> wrote:
> > Hi,
> > On Wed, May 25, 2022 at 11:41:14AM -0400, Ross Tajvar wrote:
> >>> I remain unconvinced that inflicting 2FA on me solves a real
> problem that
> >>> actually exists.
> >> I'm not sure why you (and others) seem to think 2FA is so
> >> inconvenient. In my experience, it only takes a few extra seconds,
> or a few
> >> extra clicks/taps depending on how it's set up. The added overhead
> >> is very small.
> > I'm generally in favour of 2FA.
> > But then... last week, RIPE meeting in Berlin, with physical
> > there. Tried to log into the RIPE access system, only to discover
> > The Device that has *this particular* 2FA token was left at home.
> > A few months before, trying to go to Teams for a customer that
> > "set up 2FA initially" for that account - and then turned it on for
> > "must use 2FA once a week". Yeah, no big deal. 2FA token was on an
> > Android device that was decommissioned because "old and half
> > and of course, Android-to-Android "new phone!" transfers don't do
> > Do I have a Yubikey? Yes, of course. Do I not use it for all I
> > Yes, because I carry around enough stuff with me...
> > Just anecdotes, and me having not enough foresight? Of course.
> > But 2FA is not "just a few moments and then it won't bother you
> > anymore, ever".
> > Gert Doering
> > -- NetMaster
> > --
> > have you enabled IPv6 on something today...?
> > SpaceNet AG Vorstand: Sebastian v. Bomhard,
> Michael Emmer
> > Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-
> > D-80807 Muenchen HRB: 136055 (AG Muenchen)
> > Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
> > _______________________________________________
> > ARIN-Consult
> > You are receiving this message because you are subscribed to the
> ARIN Consult Mailing
> > List (ARIN-consult at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > https://lists.arin.net/mailman/listinfo/arin-consult Please contact
> the ARIN Member Services
> > Help Desk at info at arin.net if you experience any issues.
> You are receiving this message because you are subscribed to the ARIN
> Consult Mailing
> List (ARIN-consult at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-consult Please contact
> the ARIN Member Services
> Help Desk at info at arin.net if you experience any issues.
More information about the ARIN-consult