I'm glad to see that RIPE NCC has followed in ARIN's footsteps regarding the enforcement of two-factor authentication. I have a few questions regarding this that I'm sure quite a few members of the NCC community also have.
Is this for all NCC Access accounts or only applicable to LIRs/end users with PI resources?
Will there be an option for multiple YubiKeys or U2F keys for authentication, asides from the current TOTP option? If so, is there an ETA for when this would be implemented?
Will RIPE NCC have secondary 2FA requirements for high-risk transactions like RPKI issuance/revocation and delegation, requiring users to re-authenticate when performing these actions? If so, would this change anything with regards to the API implementations?