ACSP Suggestion 2013.8: Deploy Two-Factor Authentication
Suggestion
Author: Kevin Blumberg
Submitted On: 24 April 2013
Description: I propose that ARIN deploy two factor authentication across as many systems as practical. I would suggest giving non-staff multiple options including Smartphone support, hardware tokens, and possibly SMS backup. The system should be a “one to many” in cases with individuals having multiple ORG’s.
Timeframe: Immediate
Status: Closed Updated: 01 October 2015
Tracking Information
ARIN Comment
22 May 2013
We agree that enhanced authentication options would be an added benefit to security-conscious ARIN members. We will look into various methods and will propose a solution at the fall 2013 member meeting that can be prioritized accordingly.
This suggestion will remain open.
ARIN Comment
26 September 2013
As part of the ARIN 32 ACSP Consultation: Open Suggestion Review and Project Prioritization Survey, we’re providing feedback and estimates on the predicted work involved. For this suggestion, the following is noted:
Option a) 3 Person Months With Vendor – This assumes we can find a vendor that can send text/SMS to any number and can provide libraries for such purposes and has pre-canned javascript code for our website for the express purpose of doing two factor authentication. It would still require us to integrate their libraries and store codes in our database.
Option b) 12 Person Months In House – This assumes we have to figure out SMS gateways to all phone companies and develop any Javascript/cookie libraries in addition to storing codes in our database.
For information about the consultation and how to participate in the survey, please see the 26 September 2013 announcement.
ARIN Comment
01 October 2015
Thank you for your suggestion, numbered 2013.8 on confirmed receipt, asking that ARIN deploy two-factor authentication. This functionality was deployed on 12 September 2015. Details are available at: https://www.arin.net/features/twofactor.html
Because this work has been completed, we are closing your suggestion. Please let us know if we misunderstood or did not implement your suggestion correctly. Thank you for your participation in the ARIN Suggestion and Consultation Process.