[ARIN-consult] increasing 2FA take-up
Ross Tajvar
ross at tajvar.io
Wed May 25 17:36:42 EDT 2022
To add to this - I access my BitWarden vault with 2FA using a hardware
token. In my view, the two factors to access my ARIN account are 1)
knowledge of my ARIN password (which could potentially be brute-forced or
harvested via phishing or something) and 2) access to my BitWarden vault.
Thus, my ARIN account has 2FA, and my BitWarden account also has 2FA
(meaning ARIN access is not reduced to 1FA).
On Wed, May 25, 2022 at 1:55 PM Scott Leibrand <scottleibrand at gmail.com>
wrote:
> I use 1Password with a local vault, not their new cloud-based service
> (which has more account-recovery options, for better or for worse). My two
> factors are possession of my 1Password vault and knowledge of the master
> password to it. So the point of 2FA is not defeated by that setup, just
> delegated. The end result is more secure than SMS 2FA using a password I
> have to remember (and might mistype into a phishing site).
>
> -Scott
>
> On Wed, May 25, 2022 at 10:01 AM William Herrin <bill at herrin.us> wrote:
>
>> On Wed, May 25, 2022 at 8:40 AM Scott Leibrand <scottleibrand at gmail.com>
>> wrote:
>> > Putting TOTP in 1Password makes login far more convenient than SMS 2FA,
>> and almost as convenient as password-only, even for shared accounts.
>>
>> Hi Scott,
>>
>> Putting TOTP in 1Password alongside your actual password reduces it to
>> 1-factor authentication: access to 1Password. That both defeats the
>> point of two factor authentication and makes your ARIN access
>> dependent on a third party (1Password).
>>
>> Regards,
>> Bill Herrin
>>
>> --
>> William Herrin
>> bill at herrin.us
>> https://bill.herrin.us/
>>
> _______________________________________________
> ARIN-Consult
> You are receiving this message because you are subscribed to the ARIN
> Consult Mailing
> List (ARIN-consult at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-consult Please contact the
> ARIN Member Services
> Help Desk at info at arin.net if you experience any issues.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220525/8e2a4c7b/attachment.htm>
More information about the ARIN-consult
mailing list