[ARIN-consult] increasing 2FA take-up
Peter Beckman
beckman at angryox.com
Thu May 26 00:20:52 EDT 2022
Agreed. 2FA should be required when the account protects important assets.
2FA should be optional but available for those who wish to further secure
their account for less important assets.
This begs the question though -- could opening a ticket with ARIN and
responding to it cause resource control to change? If so, tickets should
also be protected.
Always consider your threat matrix -- if someone could log into the ARIN
Ticketing System and pretend to be you, could that have huge negative
impacts on assignments and resources? If so, then 2FA should be mandatory
there as well.
Beckman
On Wed, 25 May 2022, Owen DeLong via ARIN-consult wrote:
>> We could also make 2FA only mandatory for activities that change resource control (outbound transfers, reassignments, etc.)...
>
> I would support this.
>
> I’m fine if I have to 2FA to do something potentially harmful, but to have to 2FA every time I log in to check the status of a ticket would be less than ideal.
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman at angryox.com https://www.angryox.com/
---------------------------------------------------------------------------
-------------- next part --------------
_______________________________________________
ARIN-Consult
You are receiving this message because you are subscribed to the ARIN Consult Mailing
List (ARIN-consult at arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services
Help Desk at info at arin.net if you experience any issues.
More information about the ARIN-consult
mailing list