This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[members-discuss] two-factor authentication mandatory

Previous message (by thread): [members-discuss] two-factor authentication mandatory
Next message (by thread): [members-discuss] two-factor authentication mandatory

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ben Cartwright-Cox ripencc at benjojo.co.uk
Thu Jan 11 14:53:17 CET 2024

I agree that FIDO support would be extremely appreciated, Lots of orgs
already have such keys issued to employees and are easier to handle in
many respects.

I would also like to point out to everybody ( from personal experience
in this subject matter )  that the organisational complexity around
implementing two Factor is not about the technical capabilities to do
2FA/MFA, it is more the complexity around how do you handle things
like resetting accounts after MFA tokens have been lost (  and how do
you do this with an acceptable level of security )

I applaud RIPE for taking this decision to enforce 2FA authentication,
I'm glad that the industry is looking at the previous incident and
deciding to make immediate corrections rather than waiting for it to
happen over and over again like sometimes happens in other
Industries/sectors

On Thu, Jan 11, 2024 at 1:36 PM Mike B <michael at booth.technology> wrote:
>
>
> Hello,
>
> I agree completely with the use of 2FA and do agree with the spirit of this being mandatory. However the current state of RIPE NCC MFA is not suitable to be made mandatory. Namely the TOTP requires a phone (sms) or TOTP App. I would like to see support for FIDO2 keys, if this is not possible OTP via email would be a compromise.
>
>
>
> My rational for this is that some organisations do not allow phones within the office, nor have any Apps available to install on their systems. Perhaps a more generic scenario is if a phone is out of battery. I'm sure you can appreciate while I am in favour of MFA I think this must be in a different format.
>
>
>  I'm aware this is a feature many have been keen for for a while. I see two ways forward:
>
> 1) RIPE supports another method of MFA (FIDO KEYS or emailed OTP).
> 2) RIPE makes Mandatory MFA the choice of the LIR admin.
>
> I would like to hear other views on this request to the RIPE NCC.  I am not looking for suggestions for workarounds such as online TOTP or writing my own code for this.
>
>
> Regards,
>
> Michael
>
> _______________________________________________
> members-discuss mailing list
> members-discuss at ripe.net
> https://mailman.ripe.net/
> Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/ripencc%40benjojo.co.uk

Previous message (by thread): [members-discuss] two-factor authentication mandatory
Next message (by thread): [members-discuss] two-factor authentication mandatory

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ members-discuss Archives ]