Most services that implement 2FA using SMS and/or Email have been compromised multiple times. Services that implement 2FA using TOTP or even App-based Push Notifications have not. If someone has your ARIN login, and you use the same passwords on ARIN as you do with your email provider, then they have access to your email account. And they can impersonate you to ARIN using the emailed code. Beckman On Tue, 24 May 2022, Raymond Burkholder wrote:
What about optional additional second factor of sending out an email with digits to enter or a link to confirm login / some other critical operation?
--------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com https://www.angryox.com/ ---------------------------------------------------------------------------