<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 5/24/22 6:46 PM, ARIN wrote:<br>
</div>
<blockquote type="cite"
cite="mid:B16358D3-5D2E-43F5-89D8-D4555C1392AE@arin.net">
<pre class="moz-quote-pre" wrap="">**Background**
In 2015, ARIN deployed a Time-Based One-Time password (TOTP) implementation of Two-Factor Authentication (2FA). Since the time of implementing that login security feature, 3.2 percent of ARIN Online users have opted to use 2FA with their accounts.</pre>
</blockquote>
<p><br>
</p>
<p>Years back, I added TOTP (Time based one time password) to the
front end of my "Virtual Web" management system (I sell domains -
etc). The TOTP APP is easy to install on any modern mobile device
(I use mOTP). I allow the customer to configure their TOTP backend
"OTP management" codes and to also test that the TOTP works
locally before enforcing it.</p>
<p><img src="cid:part1.2B6D0AB1.A2548E79@posix.co.za" alt=""><br>
(the grey text above are prompts)<br>
</p>
<p>This is also combined with the ability to specify an access list
made up of multiple network blocks from where the OTP is not
needed, that is some machines with static IP's on the persons home
network. To enforce OTP - just use an address such as 1.0.0.0/32
(or similar). This access list is similar to some of the
validation that EPP uses. The php code was not too complicated.
Using TOTP is free - no SMS's - etc.<br>
</p>
<p>One then has the best of both worlds - some secure locations from
where OTP is not required and the OTP's for other (transient)
locations.</p>
<p>TOTP security is optional - so of course very few customers use
it (1% or so) - but it is there!<br>
Education would be necessary. I provide the following...</p>
<p><img src="cid:part2.BFA9638A.60C76929@posix.co.za" alt=""></p>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title>
<p>Mark James ELKINS - Posix Systems - (South) Africa<br>
<a class="moz-txt-link-abbreviated" href="mailto:mje@posix.co.za">mje@posix.co.za</a> Tel: <a href="tel:+27826010496">+27.826010496</a><br>
<br>
<br>
<br>
</p>
</div>
</body>
</html>