ACSP Suggestion 2022.28: Add Email as a Two-Factor Authentication Method
Author: Al Whaley
Submitted On: 03 November 2022
Description: Allow email for 2FA (two factor authentication) for accessing an ARIN account.
Value to Community: Many of us are not allowed to use personal cell phones for professional work, a restriction that seems appropriate. Limiting authentication to cell phones is not professional. Using work emails is professional. Security is generally better with email than with SMS. At a minimum email should be an option for 2FA for accessing our ARIN accounts.
Timeframe: Not specified
Status: Open Updated: 07 November 2022
7 November 2022
Thank you for your suggestion, numbered 2022.28 on confirmed receipt, requesting that ARIN allow email for two-factor authentication (2FA).
ARIN will have four options for customers to set up 2FA on their ARIN Online accounts prior to 1 February 2023, when we require accounts to be secured:
- Time-based One-time Password (TOTP) using an authenticator of your choice
- Short Message Service SMS or Voice Call for customers within the ARIN service region
- FIDO2/Passkey (available January 2023)
We continue to receive input from customers for additional options, and plan to conduct a Community Consultation to assess support for continued development related to 2FA for ARIN Online accounts. Your suggestion will remain open pending the outcome of the consultation and any potential related development effort.
Thank you for participating in the ARIN Consultation and Suggestion Process.
American Registry for Internet Numbers (ARIN)