[ARIN-consult] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

Adam Thompson athompson at merlin.mb.ca
Wed May 25 17:08:55 EDT 2022


FWIW, I've had both scenarios happen to me within the last 2 years.  Many SMS-based 2FA systems suddenly broke on one of those occasions, for obvious reasons.  Both involved phones and phone numbers not under my direct control, i.e. corporate.
-Adam

Adam Thompson
Consultant, Infrastructure Services
MERLIN
100 - 135 Innovation Drive
Winnipeg, MB R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
https://www.merlin.mb.ca
Chat with me on Teams: athompson at merlin.mb.ca

> -----Original Message-----
> From: ARIN-consult <arin-consult-bounces at arin.net> On Behalf Of John Curran
> Sent: Wednesday, May 25, 2022 1:30 PM
> To: Gert Doering <gert at space.net>
> Cc: <arin-consult at arin.net> <arin-consult at arin.net>
> Subject: Re: [ARIN-consult] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts
> 
> Gert –
> 
> Just curious - on those occasions where you were now on a new device,
> were you still receiving SMS messages on the same number?
> 
> (i.e., if you had been using password and SMS 2FA instead, would you
> have been equally out of luck?)
> 
> Thanks,
> /John
> 
> John Curran
> President and CEO
> American Registry for Internet Numbers
> 
> > On 25 May 2022, at 2:16 PM, Gert Doering <gert at space.net> wrote:
> >
> > Hi,
> >
> > On Wed, May 25, 2022 at 11:41:14AM -0400, Ross Tajvar wrote:
> >>> I remain unconvinced that inflicting 2FA on me solves a real problem that
> >>> actually exists.
> >>
> >> I'm not sure why you (and others) seem to think 2FA is so incredibly
> >> inconvenient. In my experience, it only takes a few extra seconds, or a few
> >> extra clicks/taps depending on how it's set up. The added overhead really
> >> is very small.
> >
> > I'm generally in favour of 2FA.
> >
> > But then... last week, RIPE meeting in Berlin, with physical presence
> > there.  Tried to log into the RIPE access system, only to discover that
> > The Device that has *this particular* 2FA token was left at home.
> >
> > A few months before, trying to go to Teams for a customer that required
> > "set up 2FA initially" for that account - and then turned it on for
> > "must use 2FA once a week".  Yeah, no big deal.  2FA token was on an
> > Android device that was decommissioned because "old and half broken",
> > and of course, Android-to-Android "new phone!" transfers don't do that.
> >
> > Do I have a Yubikey?  Yes, of course.  Do I not use it for all I should?
> > Yes, because I carry around enough stuff with me...
> >
> > Just anecdotes, and me having not enough foresight?  Of course.
> >
> > But 2FA is not "just a few moments and then it won't bother you
> > anymore, ever".
> >
> > Gert Doering
> >        -- NetMaster
> > --
> > have you enabled IPv6 on something today...?
> >
> > SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
> > Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
> > D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
> > Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
> > _______________________________________________
> > ARIN-Consult
> > You are receiving this message because you are subscribed to the ARIN Consult Mailing
> > List (ARIN-consult at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > https://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services
> > Help Desk at info at arin.net if you experience any issues.
> 