Two-Factor Authentication, by Byron Ellacott. A presentation given at APNIC 38 during the APNIC Services session.

1. Two-Factor
Authentication

2. In this talk
• Why a change is being proposed
• What is the proposed change
• A request for feedback
2

3. Why is a change being made?
• X.509 Certificates have been used since 2002 for MyAPNIC
• Highly secure, but difficult to work with
• A common theme in feedback is to make a change
3

4. What is the proposed change?
• X.509 Certificates are a form of two-factor authentication
• The APNIC Secretariat will implement an alternative form:
– Open standards based “TOTP”
– Open implementations of authentication devices exist
• X.509 and TOTP will work side-by-side as alternatives
4

5. How will it work?
• Choose your authentication mechanism
– Switching to TOTP is an option
• Choose your authentication device
– Wide support for smart phones
• Activate TOTP on your APNIC user account
5

6. Logging in with TOTP
• User ID and password continue as normal
• You will be prompted for a six-digit code
• Your smart phone will provide you with the code
6

7. A request for feedback
• Is this work the APNIC membership would like to see done?
• Would the membership like X.509 support retained beyond
a transition period as a choice?
• Does the membership agree with the proposal to use
TOTP?
• Blog post up on this subject
– https://blog.apnic.net/
– Please leave your feedback!
7

8. 8