[ARIN-Suggestions] New ACSP Suggestions and Responses

[ARIN]

Two new suggestions have been received (2022.28 and 2022.29), and responses from ARIN have been posted for both. You may find the new suggestions and latest responses from ARIN at the links below.

Regards,

American Registry for Internet Numbers (ARIN)

--------
2022.28: Add Email as a Two-Factor Authentication Method
https://www.arin.net/participate/community/acsp/suggestions/2022/2022-28/ 

Author: Al Whaley   
Submitted On: 3 November 2022

Description: Allow email for 2FA (two factor authentication) for accessing an ARIN account.

Value to Community: Many of us are not allowed to use personal cell phones for professional work, a restriction that seems appropriate. Limiting authentication to cell phones is not professional. Using work emails is professional. Security is generally better with email than with SMS. At a minimum email should be an option for 2FA for accessing our ARIN accounts.

Timeframe: Not specified

Status: Open   Updated: 7 November 2022

Response from ARIN: Thank you for your suggestion, numbered 2022.28 on confirmed receipt, requesting that ARIN allow email for two-factor authentication (2FA).

ARIN will have four options for customers to set up 2FA on their ARIN Online accounts prior to 1 February 2023, when we require accounts to be secured:

- Time-based One-time Password (TOTP) using an authenticator of your choice
- Short Message Service SMS or Voice Call for customers within the ARIN service region
- FIDO2/Passkey (available January 2023)

We continue to receive input from customers for additional options, and plan to conduct a Community Consultation to assess support for continued development related to 2FA for ARIN Online accounts. Your suggestion will remain open pending the outcome of the consultation and any potential related development effort.

Thank you for participating in the ARIN Consultation and Suggestion Process.

---------
2022.29: Allow Phone Numbers Outside of the ARIN Region to be Eligible for SMS Two-Factor Authentication
https://www.arin.net/participate/community/acsp/suggestions/2022/2022-29/ 

Author: Andy Beverly   
Submitted On: 03 November 2022

Description: Enable non-ARIN mobile numbers for SMS 2-factor authentication

Value to Community: This would enable administrators who have a mobile phone number outside of the ARIN region to be able to use SMS for 2-factor authentication.

Timeframe: Not specified

Status: Open   Updated: 07 November 2022

Response from ARIN: Thank you for your suggestion, numbered 2022.29 on confirmed receipt, requesting that ARIN enable SMS for two-factor authentication (2FA) for customers who reside outside the ARIN service region.

ARIN will have four options for customers to set up 2FA on their ARIN Online accounts prior to 1 February 2023, when we require accounts to be secured:

- Time-based One-time Password (TOTP) using an authenticator of your choice
- Short Message Service SMS or Voice Call for customers within the ARIN service region
- FIDO2/Passkey (available January 2023)

We continue to receive input from customers for additional options, and plan to conduct a Community Consultation to assess support for continued development related to 2FA for ARIN Online accounts. Your suggestion will remain open pending the outcome of the consultation and any potential related development effort.

Thank you for participating in the ARIN Consultation and Suggestion Process.