Hi all. It would be nice for the LIR admin to be able to check in the LIR portal whether the users have enabled/disabled 2FA. Does anyone know if this is possible? If not I suggest that RIPE NCC should implement this. Regards, Thor-Henrik Kvandahl Telenor Norge AS Sensitivity: Internal -----Original Message----- From: ncc-services-wg <ncc-services-wg-bounces@ripe.net> On Behalf Of Hans Petter Holen Sent: torsdag 4. januar 2024 14:03 To: ncc-services-wg@ripe.net Subject: [ncc-services-wg] Security Breach: Please Enable Two-Factor Authentication Dear colleagues, In light of the recent incident where a RIPE NCC Access account was compromised, we urge you to review your own account security. ------------------------------- Two-Factor Authentication ------------------------------- If you have not already done so, enable two-factor authentication on your RIPE NCC Access account. Using two-factor authentication across all of your accounts can reduce your exposure to attacks like these. The guide for setting up two-factor authentication on your Access account can be found at: https://www.ripe.net/participate/member-support/ripe-ncc-access/two-step-ver... ------------------------------- Password Recommendations ------------------------------- We also encourage account holders to change their Access account password and follow these recommendations: - Avoid reusing passwords for login credentials. - Use a password manager to automatically create random passwords and store them. - If you use a SaaS based password management tool, enable dark web monitoring for your own credentials. If you choose to create your own password: - Use at least 14 characters to create a password. - Using passphrases can be helpful such as a favourite quote, fictional character name or line of song to greatly increase the length of the password while also making it easier to remember. We are currently investigating the compromise of the RIPE NCC Access account and continue to work with the account holder in question. We would also like to share that we are routinely responding to notifications of possible public breaches containing RIPE NCC Access accounts and actively resetting account passwords while notifying the account holders. In line with the previous resolution by the Executive Board, we are reporting all cases of attempted fraud to the Dutch authorities: https://www.ripe.net/about-us/executive-board/minutes/2017/minutes-110th-exe... Rest assured that the RIPE NCC is committed to taking the necessary steps to ensure the security of our services. We are currently investigating how we can change our roadmaps to make two-step verification mandatory for all RIPE NCC Access accounts as soon as possible and, in the longer term, offer a wider variety of verification mechanisms. If you suspect that your account might be impacted, please report it to security@ripe.net. Kind regards, Hans Petter Holen Managing Director and CEO, RIPE NCC -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ncc-services-wg