[ARIN-consult] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

Gert Doering gert at space.net
Thu May 26 05:51:05 EDT 2022


Hi,

On Wed, May 25, 2022 at 06:30:26PM +0000, John Curran wrote:
> Gert ???
> 
> Just curious - on those occasions where you were now on a new device, were you still receiving SMS messages on the same number?
> 
> (i.e., if you had been using password and SMS 2FA instead, would you have been equally out of luck?)

Yes, my mobile phone number has not changed in 25+ years :) - so SMS
reception was still possible.  It has been an inconvenience as well,
at times, when mobile reception was spotty, or Amazon decided to send
not a 4- or 6-digit code, but an URL with a 32-byte random identifier -
to my Nokia 208, which does "SMS and voice", but no "Internet"...

If going for SMS 2FA, I think one should take into account that it's
known to have attack vectors - so maybe combine that with an e-mail
"SMS 2FA has been used to log into your account from an unknown 
device", etc.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20220526/20448a3f/attachment.sig>


More information about the ARIN-consult mailing list