[ARIN-Suggestions] Response to ACSP 2019.14: Implement FIDO2 (WebAuthn) for ARIN Online
info at arin.net
Fri May 31 12:48:15 EDT 2019
On 29 May, we issued a response to ACSP 2019.14: Implement FIDO2
(WebAuthn) for ARIN Online. Please see the full text of our response and
the suggestion below or online at:
Thank you for your suggestion, numbered 2019.14 upon confirmed receipt,
that ARIN implement FIDO2 (WebAuthn) for ARIN Online.
This suggestion will remain open for consideration alongside other
potential improvements to our ARIN Online login functionality for
inclusion on our future work plan.
Passwords and OTP can be complex, and often result in reluctance to
implement proper protections of ARIN Online accounts. Implementation of
WebAuthn and FIDO2 can offer an alternative to not only eliminate
passwords but at the same time provide strong authentication (as
Microsoft Windows 10 and Azure does with FIDO2 authenticaters).
Note that best practice is always to ensure that you have a backup
Security Key in place, so allowing more than one key is likely important
allowing one to place the backup key in a secure location.
FWIW, this was mentioned at the mic at the recent meeting, but as I did
not write down the name of the proposer, I cannot give proper credit.
Communications and Member Services
American Registry for Internet Numbers (ARIN)
More information about the arin-suggestions