<div dir="ltr">You currently have:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><ol style="box-sizing:border-box;margin-top:0px;margin-bottom:1rem;color:rgb(51,51,51);font-family:-apple-system,"system-ui","segoe ui",Roboto,"helvetica neue",Arial,"noto sans",sans-serif,"apple color emoji","segoe ui emoji","segoe ui symbol","noto color emoji";font-size:16px"><li style="box-sizing:border-box;margin-bottom:0.5rem">Open your third-party authenticator application. Choose one of the following:</li></ol><ul style="box-sizing:border-box;margin-top:0px;margin-bottom:1rem;color:rgb(51,51,51);font-family:-apple-system,"system-ui","segoe ui",Roboto,"helvetica neue",Arial,"noto sans",sans-serif,"apple color emoji","segoe ui emoji","segoe ui symbol","noto color emoji";font-size:16px"><li style="box-sizing:border-box;margin-bottom:0.5rem">Enter the 16-character key that is displayed in ARIN Online into your authenticator application; or</li><li style="box-sizing:border-box;margin-bottom:0.5rem">Choose <span style="box-sizing:border-box;font-weight:bolder">Show QR Code</span> and scan the code with your authenticator application.</li></ul></blockquote><div>You could add a section near there with usability tips. It should point out the possibility and extra convenience of putting the TOTP into password managers like 1Password and BitWarden, and for those not doing so, provide some guidance on how to ensure that your third-party authenticator application allows you to store your TOTP on more than one device (or otherwise back it up). It would also be useful to link to another page (written by ARIN or by the maker of each password manager) with per-application instructions (likely with screenshots) of how to add the TOTP to the password manager. It's not ARIN's job to directly support third-party authenticator applications, but IMO there is a best-practices gap that ARIN could fill here.</div><div><br></div><div>-Scott</div><div> </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, May 25, 2022 at 8:44 AM John Curran <<a href="mailto:jcurran@arin.net">jcurran@arin.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div style="overflow-wrap: break-word;">
<br>
<div><br>
<blockquote type="cite">
<div>On 25 May 2022, at 11:40 AM, Scott Leibrand <<a href="mailto:scottleibrand@gmail.com" target="_blank">scottleibrand@gmail.com</a>> wrote:</div>
<br>
<div>
<div dir="ltr">
<div>Putting TOTP in 1Password makes login far more convenient than SMS 2FA, and almost as convenient as password-only, even for shared accounts.</div>
<div><br>
</div>
ARIN should probably provide instructions for how to add your TOTP to 1Password (and any other password managers that support that workflow), because it's not a very intuitive enrollment experience.</div>
</div>
</blockquote>
<div><br>
</div>
Scott - </div>
<div><br>
</div>
<div>Instructions for adding 2FA via TOTP are available here (this is what all of the ARIN 2FA documentation points to) – <a href="https://www.arin.net/reference/materials/security/twofactor/" target="_blank">https://www.arin.net/reference/materials/security/twofactor/</a></div>
<div><br>
</div>
<div>Do you have any suggestions for improvement?</div>
<div><br>
</div>
<div>Thanks!</div>
<div>/John</div>
<div><br>
</div>
<div>
<div>John Curran</div>
<div>President and CEO</div>
<div>American Registry for Internet Numbers</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
</blockquote></div>