[ARIN-consult] Consultation on Expanding 2FA Options for ARIN Online
David Farmer
farmer at umn.edu
Tue Jan 24 16:31:59 EST 2023
On Tue, Jan 24, 2023 at 12:53 PM ARIN <info at arin.net> wrote:
> 1. Would you support ARIN offering email as an additional 2FA method?
>
As mentioned, email is used for password changes; also, allowing it for 2FA
is a bad idea.
2. Given that 13% of web user accounts list phone numbers outside the ARIN
> service region, should we widen the availability of SMS, or are the other
> offered 2FA options sufficient to meet the needs of these users?
>
As SMS has several weaknesses, I prefer SMS was not allowed at all.
Nevertheless, if SMS is allowed, I don't see the point in restricting it to
the ARIN service region. Furthermore, it could be more important for those
outside the ARIN service region in case of technology restrictions or
embargos on the more secure FIDO or TOTP technologies.
> 3. We agree that users should be allowed to register multiple hardware
> security keys. The question is: What is the optimal number of keys that
> should be allowed to be registered?
>
10 is a reasonable limit.
--
===============================================
David Farmer Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815
Minneapolis, MN 55414-3029 Cell: 612-812-9952
===============================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20230124/9a2e588b/attachment-0001.htm>
More information about the ARIN-consult
mailing list