[GTER] ARIN will start requiring 2FA for portal access

Rubens Kuhl rubensk at gmail.com
Tue Nov 1 14:42:07 -03 2022


You can't run off with a numbering resource... and transfers aren't
even based on portal login.
You can mess with reverse DNS, disable RPKI...

... note that ARIN has hosted-RPKI, which somewhat increases the
potential for damage caused by an account compromise.

Maybe if Registro.br has hosted-RPKI one day, make MFA a requirement?

By the way: on Registro.br you can already use FIDO2 (Yubikey and similar)
for any ID, including those for numbering resources.


Rubens



On Tue, Nov 1, 2022 at 12:38 PM Douglas Fischer via gter
<gter at eng.registro.br> wrote:
>
> It should be mandatory for every account that has access to number resources.
>
> On Tue, Nov 1, 2022 at 14:00, Andre Bolzan <
> andre.bolzan at fixfibra.com.br> wrote:
>
> > I don't think it will take long ....
> >
> > The Simet portal already has two-factor.
> >
> > They must be testing where it hurts less if there is a problem ... Because
> > registro.br has A LOT of people using it... more than 5 million domains ;)
> >
> > On Tue, Nov 1, 2022 at 13:01, Douglas Fischer via gter <
> > gter at eng.registro.br> wrote:
> >
> >> Registro.BR could well follow the same line, couldn't it?
> >>
> >> ---------- Forwarded message ---------
> >> From: John Curran <jcurran at arin.net>
> >> Date: Tue, Nov 1, 2022 at 12:12
> >> Subject: NOTICE - Change in access to ARIN Online (was: Fwd:
> >> [arin-announce] ARIN to Enforce 2FA on all ARIN Online Accounts Starting 1
> >> February 2023)
> >> To: North American Network Operators' Group <nanog at nanog.org>
> >>
> >>
> >> NANOGers -
> >>
> >> Important information - please note this change will affect how access to
> >> your ARIN Online account and related administration of your number
> >> resources.
> >>
> >> FYI,
> >> /John
> >>
> >> John Curran
> >> President and CEO
> >> American Registry for Internet Numbers
> >>
> >>
> >> Begin forwarded message:
> >>
> >> *From: *ARIN <info at arin.net>
> >> *Subject: **[arin-announce] ARIN to Enforce 2FA on all ARIN Online
> >> Accounts Starting 1 February 2023*
> >> *Date: *1 November 2022 at 10:10:10 AM EDT
> >> *To: *"arin-announce at arin.net" <arin-announce at arin.net>
> >>
> >> Beginning 1 February 2023, ARIN will require Two-Factor Authentication
> >> (2FA) on all ARIN Online accounts. Customers will be able to choose
> >> between Time-Based One-Time password (TOTP), SMS-based, and Fast
> >> Identity Online 2 (FIDO2).
> >>
> >> We had initially planned to enforce 2FA following the deployment of
> >> SMS-based 2FA, but we opted to delay the implementation of enforcing 2FA
> >> for all ARIN Online accounts until we were able to complete implementation
> >> of FIDO2 due to significant community feedback received during our
> >> community consultation
> >> (https://www.arin.net/announcements/20220524-consultopen/) on this change.
> >>
> >> FIDO2 support is pending release on 19 December 2022. You can learn more
> >> about your 2FA options by visiting our website:
> >> https://www.arin.net/reference/materials/security/twofactor/
> >>
> >> By requiring 2FA for ARIN Online accounts that control number resources,
> >> the ARIN community should see stronger security for the registry, reduced
> >> risk of account fraud attempts, and increased confidence in the integrity
> >> of their ARIN resources.
> >>
> >> We strongly encourage account holders to set up 2FA in advance of the flag
> >> day for enforcement so that this change is not interruptive to your
> >> account access after 1 February 2023.
> >>
> >> Regards,
> >>
> >> John Curran
> >> President and CEO
> >> American Registry for Internet Numbers (ARIN)
> >>
> >> HELPFUL RESOURCES:
> >>
> >> Need help setting up your two-factor authentication? Visit
> >> https://www.arin.net/2fa to get started. You’ll find guides on enabling
> >> 2FA via an authenticator application such as Google Authenticator, SMS or
> >> Voice, and (coming soon) FIDO2.
> >>
> >> We also provide information on how to receive and save your 2FA recovery
> >> codes, as well as what to do if you’ve lost access to your authenticator
> >> or SMS/Voice phone number.
> >>
> >>
> >>
> >>
> >> --
> >> Douglas Fernando Fischer
> >> Control and Automation Engineer
> >> --
> >> gter list    https://eng.registro.br/mailman/listinfo/gter
> >>
> >
> >
> > --
> >
> > *André Bolzan Saar*
> >
> > *Services Delivery*
> > *+55 11 98205-7742*
> >
>
>
> --
> Douglas Fernando Fischer
> Control and Automation Engineer

