[db-wg] anyone using the RIPE Databse MUST now have an SSO account?

Hi Denis,

It's only mandatory to be logged in with a RIPE NCC Access account to *use* webupdates. It is still possible to create and update objects with MD5 passwords, although we strongly encourage users to adopt our Single Sign-On system. The new interface will actively help users with that process. 

The reasons for this strategy are the numerous downsides to MD5 passwords, with the most important one being the fact that forgotten passwords are frustrating for users and in most cases require intervention from the RIPE NCC. This actually accounts for a vast amount of support tickets, each one requiring meticulous identity verification to prevent attempted resource hijackings. 

The implementation is quite ambitious, but the result is that almost a thousand maintainers have been migrated to using SSO in less than a week. A softer approach would have likely sustained the current issues for years to come. Ultimately, RIPE NCC Access offers users better security, seamless authentication across all RIPE NCC services, optional two-step verification and the ability to reset a lost password without RIPE NCC intervention. 

Kind regards,

Alex

> On 30 Nov 2015, at 18:07, ripedenis at yahoo.co.uk wrote:
> 
> Hi guys
> 
> When was it discussed, agreed or announced that Webupdates will no longer allow objects to be created or updated with a password?
> 
> As Webupdates is the only way to access an unfiltered version of your own MNTNER object, it is no longer possible to even retrieve a version of your own MNTNER without signing up for an SSO account. I did not realise this has become mandatory.
> 
> So has it been agreed that SSO is the only authorisation method allowed to access the RIPE Database? Did I miss the announcement that passwords and PGP are being deprecated?
> 
> cheers
> denis