11 Jan
2024
11 Jan
'24
5:10 p.m.
I agree completely with the use of 2FA and do agree with the spirit of this being mandatory. However the current state of RIPE NCC MFA is not suitable to be made mandatory. Namely the TOTP requires a phone (sms) or TOTP App. I would like to see support for FIDO2 keys, if this is not possible OTP via email would be a compromise.
right now, totp works. make it mandatory and we have raised the bar seriously. i agree that webauth with fido2 would be nice. it will take too long, and could be costly in this time of tightening budgets. so i will be patient. email or sms are really bad ideas for widely known security reasons. randy