Hi, Not using it, so I won't miss it. Two factor auth is on the right direction, so I support it. Regards, George On Wed, Dec 4, 2013 at 1:57 PM, Alex Band <alexb@ripe.net> wrote:
Dear colleagues,
In our RIPE NCC Access authentication system, we offer the ability to log in using an X.509 identity certificate instead of a username and password. This functionality was transferred from the legacy authentication system we used to have, without evaluating the value of this feature at the time.
Since then, we have encountered several implementation, user interface and support issues surrounding this feature, while it is used by less than 0.7% of the users with a RIPE NCC Access account. Most importantly, the functionality does not actually offer any additional security. This is something that is provided by true two-factor authentication.
We would like to propose to put this functionality in maintenance mode, meaning that it would be provided as it is without a service guarantee. Alternatively, it could be removed altogether. This would free us of a maintenance and support burden, meaning that we can spend these resources on other valuable services.
If the membership approves, the RIPE NCC could investigate ways to implement true two-factor authentication for RIPE NCC Access.
We look forward to hearing your feedback.
Kind regards,
Alex Band Product Manager RIPE NCC