[GTER] ARIN will require 2FA for portal access

Douglas Fischer fischerdouglas at gmail.com
Tue Nov 1 18:52:00 -03 2022


What would be the estimated obstacles to imposing MFA at Registro.BR for
everything related to number resources?

9K ASNs, maybe some 15K Handlers.

On Tue, Nov 1, 2022 at 14:42, Rubens Kuhl via gter <gter at eng.registro.br> wrote:

> You can't run off with a number resource... and transfers aren't even
> based on portal login.
> You can mess with reverse DNS, disable RPKI...
>
> ... note that ARIN has hosted-RPKI, which slightly increases the
> possibility of damage caused by an account compromise.
>
> Maybe if Registro.br has hosted-RPKI some day, make MFA a
> requirement?
>
> By the way: at Registro.br you can already use FIDO2 (Yubikey and similar)
> for any ID, including the number resource ones.
>
>
> Rubens
>
>
>
> On Tue, Nov 1, 2022 at 12:38 PM Douglas Fischer via gter
> <gter at eng.registro.br> wrote:
> >
> > It should be mandatory for every account that has access to number
> > resources.
> >
> > On Tue, Nov 1, 2022 at 14:00, Andre Bolzan <andre.bolzan at fixfibra.com.br> wrote:
> >
> > > I think it shouldn't take long ....
> > >
> > > The Simet portal already has two-factor.
> > >
> > > They must be testing where it hurts less if a problem comes up ...
> > > registro.br has A LOT of people using it... more than 5 million
> > > domains ;)
> > >
> > > On Tue, Nov 1, 2022 at 13:01, Douglas Fischer via gter <gter at eng.registro.br> wrote:
> > >
> > >> Registro.BR could well follow the same path, couldn't it?
> > >>
> > >> ---------- Forwarded message ---------
> > >> From: John Curran <jcurran at arin.net>
> > >> Date: Tue, Nov 1, 2022 at 12:12
> > >> Subject: NOTICE - Change in access to ARIN Online (was: Fwd:
> > >> [arin-announce] ARIN to Enforce 2FA on all ARIN Online Accounts
> > >> Starting 1 February 2023)
> > >> To: North American Network Operators' Group <nanog at nanog.org>
> > >>
> > >>
> > >> NANOGers -
> > >>
> > >> Important information - please note this change will affect how
> > >> access to your ARIN Online account and related administration of
> > >> your number resources.
> > >>
> > >> FYI,
> > >> /John
> > >>
> > >> John Curran
> > >> President and CEO
> > >> American Registry for Internet Numbers
> > >>
> > >>
> > >> Begin forwarded message:
> > >>
> > >> *From: *ARIN <info at arin.net>
> > >> *Subject: **[arin-announce] ARIN to Enforce 2FA on all ARIN Online
> > >> Accounts
> > >> Starting 1 February 2023*
> > >> *Date: *1 November 2022 at 10:10:10 AM EDT
> > >> *To: *"arin-announce at arin.net" <arin-announce at arin.net>
> > >>
> > >> Beginning 1 February 2023, ARIN will require Two-Factor Authentication
> > >> (2FA) on all ARIN Online accounts. Customers will be able to choose
> > >> between Time-Based One-Time password (TOTP), SMS-based, and Fast
> > >> Identity Online 2 (FIDO2).
> > >>
> > >> We had initially planned to enforce 2FA following the deployment of
> > >> SMS-based 2FA, but we opted to delay the implementation of enforcing
> > >> 2FA for all ARIN Online accounts until we were able to complete
> > >> implementation of FIDO2 due to significant community feedback received
> > >> during our community consultation
> > >> (https://www.arin.net/announcements/20220524-consultopen/) on this
> > >> change.
> > >>
> > >> FIDO2 support is pending release on 19 December 2022. You can learn
> > >> more about your 2FA options by visiting our website:
> > >> https://www.arin.net/reference/materials/security/twofactor/
> > >>
> > >> By requiring 2FA for ARIN Online accounts that control number
> > >> resources, the ARIN community should see stronger security for the
> > >> registry, reduced risk of account fraud attempts, and increased
> > >> confidence in the integrity of their ARIN resources.
> > >>
> > >> We strongly encourage account holders to set up 2FA in advance of the
> > >> flag day for enforcement so that this change is not interruptive to
> > >> your account access after 1 February 2023.
> > >>
> > >> Regards,
> > >>
> > >> John Curran
> > >> President and CEO
> > >> American Registry for Internet Numbers (ARIN)
> > >>
> > >> HELPFUL RESOURCES:
> > >>
> > >> Need help setting up your two-factor authentication? Visit
> > >> https://www.arin.net/2fa to get started. You’ll find guides on
> > >> enabling 2FA via an authenticator application such as Google
> > >> Authenticator, SMS or Voice, and (coming soon) FIDO2.
> > >>
> > >> We also provide information on how to receive and save your 2FA
> > >> recovery codes, as well as what to do if you’ve lost access to your
> > >> authenticator or SMS/Voice phone number.
> > >>
> > >>
> > >>
> > >>
> > >> --
> > >> Douglas Fernando Fischer
> > >> Control and Automation Engineer
> > >> --
> > >> gter list    https://eng.registro.br/mailman/listinfo/gter
> > >>
> > >
> > >
> > > --
> > >
> > > *André Bolzan Saar*
> > >
> > > *Services Delivery*
> > > *+55 11 98205-7742*
> > >
> >
> >
> > --
> > Douglas Fernando Fischer
> > Control and Automation Engineer


-- 
Douglas Fernando Fischer
Control and Automation Engineer
