ACSP Suggestion 2024.1: Multi-factor authentication option for API keys

Suggestion

Author: Rich Compton   
Submitted On: 05 January 2024

Description: Create some sort of MFA for API keys. Perhaps an option to only allow an API key to connect from a particular IP address or subnet. Or perhaps the API key is only valid for a certain period of time before it expires.

Value to Community: If an API key is accidentally divulged in a breach the key cannot be used by attackers.

Timeframe: Not specified

Status: Open   Updated: 16 January 2024

Tracking Information

ARIN Comment

16 January 2024

Thank you for your suggestion, numbered 2024.1 upon confirmed receipt, asking that ARIN implement some form of multi-factor authentication (MFA) for API keys. ARIN agrees that this would be a good improvement to the security of ARIN systems.

We will investigate the requirements to build this new feature and schedule it for future development. Your suggestion will remain open until implemented.

Thank you for participating in the ARIN Consultation and Suggestion Process.

Regards,

American Registry for Internet Numbers (ARIN)