[members-discuss] two-factor authentication mandatory

One option we propose is to limit access by IP.

We limit access to the IPs of our VPN so that it makes no difference 
whether we are in our office or on the road or from which computer we 
are connecting.



On 11/01/2024 14:35, Mike B wrote:
> 
> Hello,
> 
> I agree completely with the use of 2FA and do agree with the spirit of 
> this being mandatory. However the current state of RIPE NCC MFA is not 
> suitable to be made mandatory. Namely the TOTP requires a phone (sms) or 
> TOTP App. I would like to see support for FIDO2 keys, if this is not 
> possible OTP via email would be a compromise.
> 
> My rational for this is that some organisations do not allow phones 
> within the office, nor have any Apps available to install on their 
> systems. Perhaps a more generic scenario is if a phone is out of 
> battery. I'm sure you can appreciate while I am in favour of MFA I think 
> this must be in a different format.
> 
> 
> I'm aware this is a feature many have been keen for for a while. I see 
> two ways forward:
> 
> 1) RIPE supports another method of MFA (FIDO KEYS or emailed OTP).
> 2) RIPE makes Mandatory MFA the choice of the LIR admin.
> 
> I would like to hear other views on this request to the RIPE NCC.  I am 
> not looking for suggestions for workarounds such as online TOTP or 
> writing my own code for this.
> 
> 
> Regards,
> 
> Michael
> 
> 
> _______________________________________________
> members-discuss mailing list
> members-discuss at ripe.net
> https://mailman.ripe.net/
> Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/jm%40ginernet.com

-- 
José Manuel Giner
https://ginernet.com