ACSP Suggestion 2024.1: Multi-factor authentication option for API keys
Author: Rich Compton
Submitted On: 05 January 2024
Description: Create some sort of MFA for API keys. Perhaps an option to only allow an API key to connect from a particular IP address or subnet. Or perhaps the API key is only valid for a certain period of time before it expires.
Value to Community: If an API key is accidentally divulged in a breach the key cannot be used by attackers.
Timeframe: Not specified
Status: Open Updated: 16 January 2024
16 January 2024
Thank you for your suggestion, numbered 2024.1 upon confirmed receipt, asking that ARIN implement some form of multi-factor authentication (MFA) for API keys. ARIN agrees that this would be a good improvement to the security of ARIN systems.
We will investigate the requirements to build this new feature and schedule it for future development. Your suggestion will remain open until implemented.
Thank you for participating in the ARIN Consultation and Suggestion Process.
American Registry for Internet Numbers (ARIN)