[ARIN-consult] Consultation on Expanding 2FA Options for ARIN Online

Glen A. Pearce arin-consult at ve4.ca
Wed Jan 25 06:55:19 EST 2023



On 24/01/2023 1:16 p.m., Ross Tajvar wrote:
> > 1. Would you support ARIN offering email as an additional 2FA method?
> *No.* Email can be used to reset one's password. If it's used for 
> one-time login codes as well, that's only one authentication factor. 
> An email compromise could therefore easily result in account takeover, 
> which defeats the purpose of 2FA.

Perhaps allow it with a specification that the E-mail address used for 
2FA be a different
one than the E-mail address used for account recovery and an explanation 
so that people
understand why it has to be a separate address.  Also include a 
suggestion that (like
everything else) for this reason passwords should not be re-used.

-- 
Glen A. Pearce
gap at ve4.ca
Network Manager, Webmaster, Bookkeeper, Fashion Model and Shipping Clerk.
Very Eager 4 Tees
http://www.ve4.ca
ARIN Handle VET-17
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20230125/6a173d46/attachment.htm>


More information about the ARIN-consult mailing list