[ncc-services-wg] Authentication Proposal for RIPE NCC Access

Dear ncc-services-wg, Job,

I'd like to second this; HOTP and/or TOTP are an excellent choice.
Implementations are available for a wide range of mobile platforms. Google
Authenticator, for example, supports both on iOS and Android. Many other open
and closed source implementations exist for Blackberry, Symbian, and J2ME.

Avoid SMS and robo-caller solutions; many places engineers find themselves
working from in the real world (data-centers, optical regeneration containers,
...) have no mobile telephony reception.

--
Respectfully yours,

David Monosov


On 12/04/2013 07:00 PM, Job Snijders wrote:
> On Wed, Dec 04, 2013 at 06:51:48PM +0100, Randy Bush wrote:
>>> +1, mobile phone short message service comes into my mind
>> 
>> for those of us who are not very local this would be costly
> 
> Indeed, I'd prefer sometimg like HOTP [1] or TOTP [2]. That way it is 
> cheaper, and I don't depend on a cellphone provider and can use a wide 
> variety of clients on both my cellphone and workstation.
> 
> Kind regards,
> 
> Job
> 
> [1] - http://www.ietf.org/rfc/rfc4226.txt [2] -
> http://tools.ietf.org/html/rfc6238
>