[ARIN-consult] [General-members] Consultation on Expanding 2FA Options for ARIN Online

[Adam Thompson]

> 1. Would you support ARIN offering email as an additional 2FA method?

Yes.


> 2. Given that 13% of web user accounts list phone numbers outside the ARIN service region, should we widen the availability of SMS, or are the other offered 2FA options sufficient to meet the needs of these users?

You should not limit SMS to the "ARIN Service Region" since by ARIN's own bylaws, people outside that geographic region can be ARIN customers.


> 3. We agree that users should be allowed to register multiple hardware security keys. The question is: What is the optimal number of keys that should be allowed to be registered?

Functionally infinite.  Why on earth would you set a hard-coded limit?  It's not like an additional database table is expensive.  If you have to set a limit, it should be something large like 2^32.


-Adam