ACSP Suggestion 2023.10: Give ARIN Online Users the Option to Trust a Browser to Bypass Two-Factor Authentication

Suggestion

Author: Owen DeLong   
Submitted On: 24 July 2023

Description: Give users option of trusting a browser for 180+ days to bypass 2FA like most other sites with 2FA do.

Value to Community: Reduce the amount of time wasted with 2FA for every single login. Someone who has logged in recently from a known browser/system with 2FA doesn’t really need to be challenged for 2FA again for at least some reasonable period of time. I propose ≥180 days is reasonable and widely practiced in the industry.

Timeframe: Not specified

Status: Closed   Updated: 29 March 2024

Tracking Information

ARIN Comment

29 March 2024

Thank you for your suggestion, numbered 2023.10 on confirmed receipt, asking ARIN to allow a trusted browser to bypass 2FA for 180 days.

Our existing account security policy permits users to stay logged in to ARIN Online for up to seven days but requires reauthentication in the event of session termination and subsequent login. There is an outstanding suggestion, 2017.1, proposing the implementation of a 30-day “remember me” feature for multifactor authentication, which is open for consideration. When modifications to this security policy are next under review, ARIN will review the potential adoption of an extended “remember me” feature.

Because there is another open suggestion to consider allowing ARIN Online to recognize a trusted browser for an extended period without reauthenticating, we are closing your suggestion and retaining the earlier one until a definitive course of action is determined.

Thank you for participating in ARIN’s Consultation and Suggestion Process.

Regards,

American Registry for Internet Numbers (ARIN)