Two-Factor Authentication
How do I enable two-factor authentication?
Two-factor authentication (2FA) is a mandatory security feature that adds an extra layer of protection to your RIPE NCC Access account. At the moment, we offer two authentication methods you can use:
- An authenticator application
- A passkey (either software or hardware)
Try to log in
When you try to log in to your RIPE NCC Access account, you will be prompted to check your inbox.
Follow the instructions in the email we send you.

Click the link in the email
Click the link in the email from us and follow the instructions to set up two-factor authentication for your account.
The link will expire one hour after we send it.
Choose a 2FA method:
You can choose from two 2FA methods:
- Authenticator app
- Passkey
Authenticator app
Install one of the following authenticator apps:
- FREEOTP
- Microsoft Authenticator
- Google Authenticator
You can also use a password manager like 1Password or OKTA.
Set up your authenticator app
- Open your chosen authenticator app
- Then, either scan the QR-code on the set up screen or enter the secret key manually
- Add the one-time code from the app to the Authenticator app set up page
- You will also need to add a device name to identify the authentication app
Copy the recovery codes
- Copy the recovery codes from the set up screen and keep them safe
- You have the option to print, download or copy the codes.
- Tick the box to confirm you have saved the codes and click ‘activate’
You will need these codes to sign into your RIPE NCC Access account if ever accidentally delete the authenticator app, have an empty phone battery, lose your phone, or another reason why you cannot generate a security code.
2FA activated
2FA will now be set up on your account, visit your RIPE NCC Access account and log in using your authenticator app and your password.
Setting up 2FA with Passkey
- Click on “Passkey”
- Follow the instructions to register your Passkey
- Choose where to save your passkey
- Give your Passkey a name
- Copy the recovery codes from the set up screen and keep them safe.
You will need these codes to sign into your RIPE NCC Access account if ever accidentally delete the authenticator app, have an empty phone battery, lose your phone, or another reason why you cannot generate a security code.
Types of passkey
We support several strong authentication devices and methods, including:
- WebAuthn/FIDO2 authenticators (hardware and software)
For stronger security, Keycloak also supports WebAuthn with the following options:
- YubiKey - Popular hardware token for WebAuthn and, TOTP
- SoloKeys - Open-source FIDO2/WebAuthn USB key
- Google Titan Security Key - For extra security
- Windows Hello - For biometric authentication on Windows devices
- Apple Face ID/Touch ID - Supported via WebAuthn in modern browsers