<div dir="ltr">Hi,<div><br></div><div>Not using it, so I won't miss it.</div><div>Two factor auth is on the right direction, so I support it.</div><div><br></div><div>Regards,</div><div>George</div><div><br></div><div>
<br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Dec 4, 2013 at 1:57 PM, Alex Band <span dir="ltr"><<a href="mailto:alexb@ripe.net" target="_blank">alexb@ripe.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear colleagues,<br>
<br>
In our RIPE NCC Access authentication system, we offer the ability to log in using an X.509 identity certificate instead of a username and password. This functionality was transferred from the legacy authentication system we used to have, without evaluating the value of this feature at the time.<br>
<br>
Since then, we have encountered several implementation, user interface and support issues surrounding this feature, while it is used by less than 0.7% of the users with a RIPE NCC Access account. Most importantly, the functionality does not actually offer any additional security. This is something that is provided by true two-factor authentication.<br>
<br>
We would like to propose to put this functionality in maintenance mode, meaning that it would be provided as it is without a service guarantee. Alternatively, it could be removed altogether. This would free us of a maintenance and support burden, meaning that we can spend these resources on other valuable services.<br>
<br>
If the membership approves, the RIPE NCC could investigate ways to implement true two-factor authentication for RIPE NCC Access.<br>
<br>
We look forward to hearing your feedback.<br>
<br>
Kind regards,<br>
<br>
Alex Band<br>
Product Manager<br>
RIPE NCC<br>
</blockquote></div><br></div>