[ARIN-consult] [ARIN-Consult] Consultation on Expanding 2FA Options for ARIN Online

Glen A. Pearce arin-consult at ve4.ca
Wed Jan 25 07:37:30 EST 2023


On 24/01/2023 3:40 p.m., Adam Thompson wrote:
>
> I DO NOT WANT SECURITY that presents any significant chance of denying 
> me access to my own accounts and resources.  SMS or email-based 2FA 
> schemes are a giant PITA, but both are fairly easily recoverable when 
> (not if) I lose access to them.  Are they good 2FA?  No.  Absolutely 
> not.  Are they better than nothing?  Yes.
>
> This entire discussion feels like https://xkcd.com/538/ to me.  If 
> someone wants access to my ARIN resources, one of the easier ways in 
> would be to physically threaten me or my family, and the best 2FA 
> implementations in the world do nothing (AFAIK) to protect against 
> that.  The specific technique or technology involved won’t make any 
> difference.
>

Pretty much my point in the previous consultation:

https://lists.arin.net/pipermail/arin-consult/2022-May/001665.html

Intruder traps or me carrying a firearm would probably do more to secure my
ARIN account (as a side effect of securing myself and my premises) than any
2FA would.  Both of these measures pose...issues...under Canadian law 
though...

Even the part from the mouse-over comment on that comic:

 >Actual actual reality: nobody cares about his secrets.

Lines up with my comment:

 >That said although IP space is valuable I don't think we are anywhere
 >near people being kidnapped over it, especially a /24 that isn't eligible
 >for a specified transfer for another 3 years.

-- 
Glen A. Pearce
gap at ve4.ca
Network Manager, Webmaster, Bookkeeper, Fashion Model and Shipping Clerk.
Very Eager 4 Tees
http://www.ve4.ca
ARIN Handle VET-17
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20230125/2d3faee1/attachment.htm>


More information about the ARIN-consult mailing list