<html><head><meta http-equiv="content-type" content="text/html; charset=us-ascii"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
<p class="MsoNormal" style="margin: 0cm 0cm 8pt; line-height: 18.4px; font-size: medium; font-family: Aptos, sans-serif;"><span style="font-size: 9pt; line-height: 13.8px; font-family: Helvetica;">Dear colleagues,</span></p><p class="MsoNormal" style="margin: 0cm 0cm 8pt; line-height: 18.4px; font-size: medium; font-family: Aptos, sans-serif;"><span style="font-size: 9pt; line-height: 13.8px; font-family: Helvetica;">We would like to share some updates regarding security measures available to RIPE NCC members. <o:p></o:p></span></p><p class="MsoNormal" style="margin: 0cm 0cm 8pt; line-height: 18.4px; font-size: medium; font-family: Aptos, sans-serif;"><span style="font-size: 9pt; line-height: 13.8px; font-family: Helvetica;">We have now introduced a feature that shows LIR administrators whether or not two-factor authentication (2FA) has been enabled by users on their LIR account. This feature allows LIR administrators greater insight into the security measures being implemented within their teams. Please note that only admins have access to this feature. <o:p></o:p></span></p><p class="MsoNormal" style="margin: 0cm 0cm 8pt; line-height: 18.4px; font-size: medium; font-family: Aptos, sans-serif;"><span style="font-size: 9pt; line-height: 13.8px; font-family: Helvetica;">We have also strengthened password requirements and added a reminder to enable 2FA when users log in to their RIPE NCC Access accounts. This is an interim measure until mandatory 2FA is rolled out. Our roadmaps have been updated to expedite the rollout of mandatory two-factor authentication:</span></p><p class="MsoNormal" style="margin: 0cm 0cm 8pt; line-height: 18.4px; font-size: medium; font-family: Aptos, sans-serif;"><span style="font-family: Helvetica; font-size: 9pt;"><a href="https://www.ripe.net/support/documentation/quarterly-planning/business-applications/">https://www.ripe.net/support/documentation/quarterly-planning/business-applications/</a></span></p><p class="MsoNormal" style="margin: 0cm 0cm 8pt; line-height: 18.4px; font-size: medium; font-family: Aptos, sans-serif;"><span style="font-size: 9pt; line-height: 13.8px; font-family: Helvetica;">The rollout is currently planned to take place towards the end of Q1 2024.<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0cm 0cm 8pt; line-height: 18.4px; font-size: medium; font-family: Aptos, sans-serif;"><span style="font-size: 9pt; line-height: 13.8px; font-family: Helvetica;">Additionally, we have increased our efforts to actively identify leaked credentials available online and to reset those passwords. The password reset process for any credentials identified as leaked through our monitoring system has been automated.<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0cm 0cm 8pt; line-height: 18.4px; font-size: medium; font-family: Aptos, sans-serif;"><span style="font-size: 9pt; line-height: 13.8px; font-family: Helvetica;">We urge all members to be mindful of their password security and to enable two-factor authentication. Please follow our security recommendations:<br></span><span style="font-family: Helvetica; font-size: 9pt;">- Review your LIR account(s), restrict access to necessary personnel only and remove former employee accounts.<br></span><span style="font-family: Helvetica; font-size: 9pt;">- Make use of our new feature and ensure that all users on your account enable two-factor authentication.<br></span><span style="font-family: Helvetica; font-size: 9pt;">- If you use a password management tool, we recommend that you enable data breach monitoring for your own credentials.</span></p><p class="MsoNormal" style="margin: 0cm 0cm 8pt; line-height: 18.4px; font-size: medium; font-family: Aptos, sans-serif;"><span style="font-size: 9pt; line-height: 13.8px; font-family: Helvetica;">Kind regards,<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0cm 0cm 8pt; line-height: 18.4px; font-size: medium; font-family: Aptos, sans-serif;"><span style="font-size: 9pt; line-height: 13.8px; font-family: Helvetica;">Eleonora Petridou<br>Chief Information Security Officer<br>RIPE NCC</span></p></body></html>