This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/members-discuss@ripe.net/
[members-discuss] two-factor authentication mandatory
Callum Green
callum.green at kloud9.co.uk
Thu Jan 11 15:06:50 CET 2024
Good Afternoon all,

I agree with Ben here. The complexity around implementing two-factor can be a challenge. One thing I would like to see is maybe for RIPE to look at the rollout of SAML authentication (i.e. allow people to log in with services such as O365). From what I have seen this is not possible at this time. I feel this might help with the issue Ben spoke about regarding more internal IT issues when accessing RIPE resource; it also allows for easier administration in general (i.e. when people leave an org, RIPE access is blocked when the email account is disabled, etc.).

I also applaud RIPE for taking this decision to enforce 2FA authentication. It's a shame it's taking this long to have the discussion, but we all learn from issues.

Kind Regards
Callum

Callum Green
Head of Technical Operations
Kloud9
0333 996 1000
www.kloud9.co.uk
callum.green at kloud9.co.uk

-----Original Message-----
From: members-discuss <members-discuss-bounces at ripe.net> On Behalf Of Ben Cartwright-Cox via members-discuss
Sent: Thursday, January 11, 2024 1:53 PM
To: Mike B <michael at booth.technology>
Cc: members-discuss at ripe.net
Subject: Re: [members-discuss] two-factor authentication mandatory

I agree that FIDO support would be extremely appreciated, lots of orgs already have such keys issued to employees and are easier to handle in many respects.

I would also like to point out to everybody (from personal experience in this subject matter) that the organisational complexity around implementing two-factor is not about the technical capabilities to do 2FA/MFA, it is more the complexity around how do you handle things like resetting accounts after MFA tokens have been lost (and how do you do this with an acceptable level of security).

I applaud RIPE for taking this decision to enforce 2FA authentication, I'm glad that the industry is looking at the previous incident and deciding to make immediate corrections rather than waiting for it to happen over and over again like sometimes happens in other industries/sectors.

On Thu, Jan 11, 2024 at 1:36 PM Mike B <michael at booth.technology> wrote:
>
> Hello,
>
> I agree completely with the use of 2FA and do agree with the spirit of this being mandatory. However the current state of RIPE NCC MFA is not suitable to be made mandatory. Namely the TOTP requires a phone (sms) or TOTP App. I would like to see support for FIDO2 keys, if this is not possible OTP via email would be a compromise.
>
> My rationale for this is that some organisations do not allow phones within the office, nor have any Apps available to install on their systems. Perhaps a more generic scenario is if a phone is out of battery. I'm sure you can appreciate while I am in favour of MFA I think this must be in a different format.
>
> I'm aware this is a feature many have been keen for for a while. I see two ways forward:
>
> 1) RIPE supports another method of MFA (FIDO KEYS or emailed OTP).
> 2) RIPE makes Mandatory MFA the choice of the LIR admin.
>
> I would like to hear other views on this request to the RIPE NCC. I am not looking for suggestions for workarounds such as online TOTP or writing my own code for this.
>
> Regards,
>
> Michael