This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[atlas] Fwd: 2FA
- Previous message (by thread): [atlas] Fwd: 2FA
- Next message (by thread): [atlas] Fwd: [ncc-announce] [News] 2FA Mandatory on RIPE NCC Access accounts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ernst J. Oud
ernstoud at gmail.com
Wed Mar 27 15:02:29 CET 2024
Wow! On the profile page now you can add authenticators and copy the secret key if you add one. This works fine with WinAuth. Thanks! Met vriendelijke groet / Regards, Ernst J. Oud > On 25 Mar 2024, at 20:14, Ernst J. Oud <ernstoud at gmail.com> wrote: > > > L.S. > > Oh well, I installed the Authenticator Chrome Extension (https://chromewebstore.google.com/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai) on my PC which could scan (nifty!) the QR code exported from Google Authenticator. All is fine now. Can use 2FA via Chrome on my PC. > > Regards, > > Ernst > >> From: "Ernst J. Oud" <ernstoud at gmail.com> >> Date: 25 March 2024 at 13:39:45 CET >> To: Bogdan-Stefan Rotariu <bogdan at rotariu.ro> >> Subject: Re: [atlas] 2FA >> >> Bogdan-Stefan, >> >> I agree with your remark about the fact that 2FA using an Authenticator on the same system used for the login defeats its purpose. >> >> However, RIPE refers on the 2FA instruction page (https://www.ripe.net/membership/member-support/ripe-ncc-access/two-step-verification/) under the heading “What if I don't have or want to use a smartphone?” to the OATH Toolkit for Linux. >> >> Thus, if I accept the risk that my PC could be hacked and RIPE clearly also accepts running 2FA on a PC running Linux then I reckon that running a 2FA Authenticator on Windows or even macOS should also be made possible. >> >> I therefore stand by my question how to enable an Authenticator on a PC if already enabled on another device. More than 95% of users don’t use Linux on their desktop. Then only referring to an arcane Linux CLI tool is a bit limiting. >> >> I installed that toolkit on WSL2 on my PC and it installed fine but to use it I still need the secret key that was used to enable 2FA. Which I don’t have and is also not available on my profile page. Tried exporting it in Google Authenticator which gives a QR code, pointed WinAuth to the URL where I stored it. Didn’t work. >> >> Regards, >> >> Ernst J. Oud >> >>>> On 25 Mar 2024, at 12:40, Bogdan-Stefan Rotariu <bogdan at rotariu.ro> wrote: >>>> >>> Hello, >>> >>> The scope of 2FA is to use a secondary device to get the authorisation codes. We saw hacked PC’s that had Authy or any other 2FA Apps, and the attackers used those to obtain the codes and hijacked accounts. >>> So using a 2FA App on the same device that you’re using to login and authorise at the same time defeats the purpose of the 2FA. >>> >>> We are try now to teach our users and employees to stop using desktop apps for 2FA code generators and I encourage you to do the same, even if it adds a second layer (as expected) of effort for you. >>> >>> Thanks, >>> >>> -- >>> Bogdan-Stefan Rotariu >>> >>> >>> >>>> On 25 Mar 2024, at 13:13, Ernst J. Oud <ernstoud at gmail.com> wrote: >>>> >>>> Hi, >>>> >>>> I enabled 2FA for Atlas website access. Works fine on my iPad and Android phone, using the Google Authenticator. However not always I have these devices with me when I want access via my Windows PC. >>>> >>>> I installed WinAuth on my PC but it needs the secret key that is generated when 2FA is enabled. Is there a way to get this secret key for this purpose? Tried exporting from Google Authenticator but that only supplies a QR code, not the key. >>>> >>>> Is there a way to use both a tablet/phone and a PC for authentication? >>>> >>>> I read that in Q1 2FA will be enforced. I am a bit amazed that there has been no further announcement in this group with some help. The page on 2FA only mentions the Oauth Toolkit for Linux. No help whatsoever for Windows users. >>>> >>>> Any clues? >>>> >>>> Regards, >>>> >>>> Ernst J. Oud >>>> -- >>>> ripe-atlas mailing list >>>> ripe-atlas at ripe.net >>>> https://mailman.ripe.net/ >>> >>> -- >>> ripe-atlas mailing list >>> ripe-atlas at ripe.net >>> https://mailman.ripe.net/ -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/ripe-atlas/attachments/20240327/5c55dd50/attachment.html>
- Previous message (by thread): [atlas] Fwd: 2FA
- Next message (by thread): [atlas] Fwd: [ncc-announce] [News] 2FA Mandatory on RIPE NCC Access accounts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]