ARIN to Enforce 2FA on all ARIN Online Accounts Starting 1 February 2023

Posted: Tuesday, 01 November 2022

Beginning 1 February 2023, ARIN will require two-factor authentication (2FA) on all ARIN Online accounts. Customers will be able to choose between Time-Based One-Time password (TOTP), SMS-based, and Fast Identity Online 2 (FIDO2/Passkey).

We had initially planned to enforce 2FA following the deployment of SMS-based 2FA, but we opted to delay the implementation of enforcing 2FA for all ARIN Online accounts until we were able to complete implementation of FIDO2 due to significant community feedback received during our community consultation on this change.

FIDO2/Passkey support is pending release in January 2023. You can learn more about your 2FA options by visiting our website: https://www.arin.net/reference/materials/security/twofactor/

By requiring 2FA for ARIN Online accounts that control number resources, the ARIN community should see stronger security for the registry, reduced risk of account fraud attempts, and increased confidence in the integrity of their ARIN resources.

We strongly encourage account holders to set up 2FA in advance of the flag day for enforcement so that this change is not interruptive to your account access after 1 February 2023.

Regards,

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)

Helpful Resources:

Need help setting up your 2FA? Visit https://www.arin.net/2fa to get started. You’ll find guides on enabling 2FA via an authenticator application such as Google Authenticator, SMS or Voice, and (coming soon) FIDO2.

We also provide information on how to receive and save your 2FA recovery codes, as well as what to do if you’ve lost access to your authenticator or SMS/Voice phone number.