Dear colleagues, Two-factor authentication (2FA) was made mandatory for all RIPE NCC Access accounts in March earlier this year, and we received many requests to use security keys as an authentication method. You can now use passkeys as a two-factor authentication method for RIPE NCC Access accounts, in addition to authenticator apps. Passkeys can be stored on an hardware security key (FIDO2 compatible) or in a password manager, potentially synced across devices. They are supported on mobile devices (iOS, Android) and by most browsers on computers. If you have any feedback, please contact us at ncc@ripe.net Kind regards, Felipe Victolla Silveira Chief Technology Officer RIPE NCC
Hello, good to see this. But one esential option is missing - I cannot select prefered method of two-factor authentication in my profile. Even if I add passkey(s), I'm still primary prompted for TOTP (with requirement of two additional clicks when I would like to use passkey instead). Can you please add such option? - Daniel On 5/30/24 5:39 PM, Felipe Silveira wrote:
Dear colleagues,
Two-factor authentication (2FA) was made mandatory for all RIPE NCC Access accounts in March earlier this year, and we received many requests to use security keys as an authentication method.
You can now use passkeys as a two-factor authentication method for RIPE NCC Access accounts, in addition to authenticator apps. Passkeys can be stored on an hardware security key (FIDO2 compatible) or in a password manager, potentially synced across devices. They are supported on mobile devices (iOS, Android) and by most browsers on computers.
If you have any feedback, please contact us at ncc@ripe.net <mailto:ncc@ripe.net>
Kind regards,
Felipe Victolla Silveira Chief Technology Officer RIPE NCC
As a followup to this (some time later :-) ), I encounter similar issues when having both authenticator app and passkey configured. Can one have a preferred mechanism, or choose at login? Or should one remove the autenticator feature to get the passkey to function? It's a bit scary to remove mechanisms that work...as one have a feeling one might lock oneselves out of the account... My apologies if there is documentation on how to handle situations when you have both passkey and authenticator app configured. I have not found them :-( Patrik On 31 May 2024, at 17:16, Daniel Suchy via ncc-services-wg wrote:
Hello, good to see this. But one esential option is missing - I cannot select prefered method of two-factor authentication in my profile. Even if I add passkey(s), I'm still primary prompted for TOTP (with requirement of two additional clicks when I would like to use passkey instead).
Can you please add such option?
- Daniel
On 5/30/24 5:39 PM, Felipe Silveira wrote:
Dear colleagues,
Two-factor authentication (2FA) was made mandatory for all RIPE NCC Access accounts in March earlier this year, and we received many requests to use security keys as an authentication method.
You can now use passkeys as a two-factor authentication method for RIPE NCC Access accounts, in addition to authenticator apps. Passkeys can be stored on an hardware security key (FIDO2 compatible) or in a password manager, potentially synced across devices. They are supported on mobile devices (iOS, Android) and by most browsers on computers.
If you have any feedback, please contact us at ncc@ripe.net <mailto:ncc@ripe.net>
Kind regards,
Felipe Victolla Silveira Chief Technology Officer RIPE NCC
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ncc-services-wg
Dear Patrik, You can add multiple authentication methods to your RIPE NCC Access account. If you have OTP configured, go to your Access profile page and add either an extra OTP or a Passkey as authentication. When you next log in to your RIPE NCC Access account with your username and password, you will get the option to log in with OTP, or you can select ‘try another way’. Here you will see the option to use the Passkey. If you need more information, please reach out to me. I am happy to help. Kind regards Fallon Albrecht Manager Business Applications On Sun, 2 Nov 2025 at 17:41, Patrik Fältström <paf@netnod.se> wrote:
As a followup to this (some time later :-) ), I encounter similar issues when having both authenticator app and passkey configured.
Can one have a preferred mechanism, or choose at login?
Or should one remove the autenticator feature to get the passkey to function?
It's a bit scary to remove mechanisms that work...as one have a feeling one might lock oneselves out of the account...
My apologies if there is documentation on how to handle situations when you have both passkey and authenticator app configured. I have not found them :-(
Patrik
On 31 May 2024, at 17:16, Daniel Suchy via ncc-services-wg wrote:
Hello, good to see this. But one esential option is missing - I cannot select prefered method of two-factor authentication in my profile. Even if I add passkey(s), I'm still primary prompted for TOTP (with requirement of two additional clicks when I would like to use passkey instead).
Can you please add such option?
- Daniel
On 5/30/24 5:39 PM, Felipe Silveira wrote:
Dear colleagues,
Two-factor authentication (2FA) was made mandatory for all RIPE NCC Access accounts in March earlier this year, and we received many requests to use security keys as an authentication method.
You can now use passkeys as a two-factor authentication method for RIPE NCC Access accounts, in addition to authenticator apps. Passkeys can be stored on an hardware security key (FIDO2 compatible) or in a password manager, potentially synced across devices. They are supported on mobile devices (iOS, Android) and by most browsers on computers.
If you have any feedback, please contact us at ncc@ripe.net mailto:ncc@ripe.net <ncc@ripe.net>
Kind regards,
Felipe Victolla Silveira Chief Technology Officer RIPE NCC
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ncc-services-wg
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/ncc-services-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
Hello, we're still discussing about selection *preferred* method. In case when I have both TOTP and Passkey, system offers TOTP as a first option. I can't set preference of Passkey anywhere, IDP system even doesn't remember last method used by me. Sure, I can select other methods using button you're mentioning. That's here since beginning. But this is quite annoying, as it *always* requires two additional clicks. I log in with username (and pasword) - and in that point you know user, and you can select method even based on user. Simple questions: - why I cannot at least set prefered method on my account - or at least why from security perspective stronger method isn't preffered? If IDP system needs set this parameter globally - in my oppinion - there should be Passkey preffered over TOTP in IDP flow configuration. I think stronger authentication method should be always preferred... Sure, I use TOTP for long time and I have personal plan to deprecate (kill) it. But the impossibility of choosing a preferred method is simply pitty. And the preference of less safe methods on the part of the NCC does not help either. Do you understand what we are trying to say? - Daniel On 11/6/25 1:24 PM, Fallon Albrecht wrote:
You can add multiple authentication methods to your RIPE NCC Access account.
If you have OTP configured, go to your Access profile page and add either an extra OTP or a Passkey as authentication.
When you next log in to your RIPE NCC Access account with your username and password, you will get the option to log in with OTP, or you can select ‘try another way’. Here you will see the option to use the Passkey.
If you need more information, please reach out to me. I am happy to help.
participants (4)
-
Daniel Suchy -
Fallon Albrecht -
Felipe Silveira -
Patrik Fältström