This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[members-discuss] two-factor authentication mandatory

Previous message (by thread): [members-discuss] two-factor authentication mandatory
Next message (by thread): [members-discuss] two-factor authentication mandatory

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Randy Bush randy at psg.com
Thu Jan 11 17:10:54 CET 2024

> I agree completely with the use of 2FA and do agree with the spirit of
> this being mandatory. However the current state of RIPE NCC MFA is not
> suitable to be made mandatory. Namely the TOTP requires a phone (sms)
> or TOTP App. I would like to see support for FIDO2 keys, if this is
> not possible OTP via email would be a compromise.

right now, totp works.  make it mandatory and we have raised the bar
seriously.

i agree that webauth with fido2 would be nice.  it will take too long,
and could be costly in this time of tightening budgets.  so i will be
patient.

email or sms are really bad ideas for widely known security reasons.

randy

Previous message (by thread): [members-discuss] two-factor authentication mandatory
Next message (by thread): [members-discuss] two-factor authentication mandatory

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ members-discuss Archives ]