Your IP address could not be determined at this time.

ACSP Suggestion 2013.8: Deploy Two-Factor Authentication

Suggestion

Author:
Kevin Blumberg
Submitted On:
24 April 2013

I propose that ARIN deploy two factor authentication across as many systems as practical. I would suggest giving non-staff multiple options including Smartphone support, hardware tokens, and possibly SMS backup. The system should be a "one to many" in cases with individuals having multiple ORG's.

Timeframe: Immediate

Status:
Open
Updated:
26 September 2013

Tracking Information

ARIN Comment

22 May 2013

We agree that enhanced authentication options would be an added benefit to security-conscious ARIN members. We will look into various methods and will propose a solution at the fall 2013 member meeting that can be prioritized accordingly.

This suggestion will remain open.

ARIN Comment

26 September 2013

As part of the ARIN 32 ACSP Consultation: Open Suggestion Review and Project Prioritization Survey, we're providing feedback and estimates on the predicted work involved. For this suggestion, the following is noted:

Option a) 3 Person Months With Vendor – This assumes we can find a vendor that can send text/SMS to any number and can provide libraries for such purposes and has pre-canned javascript code for our website for the express purpose of doing two factor authentication. It would still require us to integrate their libraries and store codes in our database.

Option b) 12 Person Months In House – This assumes we have to figure out SMS gateways to all phone companies and develop any Javascript/cookie libraries in addition to storing codes in our database.

For information about the consultation and how to participate in the survey, please see the 26 September 2013 announcement.