ACSP Suggestion 2019.14: Implement FIDO2 (WebAuthn) for ARIN Online
Submitted On: 17 May 2019
Description: Implement FIDO2 (WebAuthn) for ARIN Online as an optional authenticator to eliminate passwords entirely.
Value to Community:
Passwords and OTP can be complex, and often result in reluctance to implement proper protections of ARIN Online accounts. Implementation of WebAuthn and FIDO2 can offer an alternative to not only eliminate passwords but at the same time provide strong authentication (as Microsoft Windows 10 and Azure does with FIDO2 authenticaters).
Note that best practice is always to ensure that you have a backup Security Key in place, so allowing more than one key is likely important allowing one to place the backup key in a secure location.
FWIW, this was mentioned at the mic at the recent meeting, but as I did not write down the name of the proposer, I cannot give proper credit.
Timeframe: Not specified
Status: Open Updated: 22 May 2019
31 May 2019
Thank you for your suggestion, numbered 2019.14 upon confirmed receipt, that ARIN implement FIDO2 (WebAuthn) for ARIN Online.
This suggestion will remain open for consideration alongside other potential improvements to our ARIN Online login functionality for inclusion on our future work plan.