[ARIN-consult] Consultation on Expanding 2FA Options for ARIN Online
Glen A. Pearce
arin-consult at ve4.ca
Wed Jan 25 06:55:19 EST 2023
On 24/01/2023 1:16 p.m., Ross Tajvar wrote:
> > 1. Would you support ARIN offering email as an additional 2FA method?
> *No.* Email can be used to reset one's password. If it's used for
> one-time login codes as well, that's only one authentication factor.
> An email compromise could therefore easily result in account takeover,
> which defeats the purpose of 2FA.
Perhaps allow it with a specification that the E-mail address used for
2FA be a different
one than the E-mail address used for account recovery and an explanation
so that people
understand why it has to be a separate address. Also include a
suggestion that (like
everything else) for this reason passwords should not be re-used.
--
Glen A. Pearce
gap at ve4.ca
Network Manager, Webmaster, Bookkeeper, Fashion Model and Shipping Clerk.
Very Eager 4 Tees
http://www.ve4.ca
ARIN Handle VET-17
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20230125/6a173d46/attachment.htm>
More information about the ARIN-consult
mailing list