Hi, In my personal opinion,
* Make 2FA mandatory for ALL users or include the option to make it mandatory at level of LIR account * Include the feature (for Admin role) to check if users have 2FA enabled, for example, in the user list. * It would be interesting to have the option of receiving confirmation by email when a user accesses the portal. * Option to set that an email could be sent to Administrators or specific email account when someone accesses. * To add administrators or delete users, it asks you for an additional 2FA. * Include a new "None" role to be able to temporarily disable users without the need to delete them. * Include detection of suspicious accesses: accesses from anonymization IPs, from different devices, etc. Regards. Rodolfo. De: ripe-list <[email protected]> En nombre de Michele Neylon - Blacknight via ripe-list Enviado el: jueves, 4 de enero de 2024 0:33 Para: Randy Bush <[email protected]> CC: RIPE List <[email protected]> Asunto: Re: [ripe-list] account breaking leads to routing mess See also [cid:[email protected]] How 50% of telco Orange Spain’s traffic got hijacked — a weak password<https://doublepulsar.com/how-50-of-telco-orange-spains-traffic-got-hijacked-a-weak-password-d7cde085b0c5> doublepulsar.com<https://doublepulsar.com/how-50-of-telco-orange-spains-traffic-got-hijacked-a-weak-password-d7cde085b0c5> 2FA should be mandatory or access without it should have lower privileges I’d hope the bit about password complexity in the article above is incorrect! Regards Michele Mr Michele Neylon Blacknight Hosting & Domains https://www.blacknight.com @mneylon Sent from mobile so typos and brevity are normal On 3 Jan 2024, at 21:25, Randy Bush <[email protected]<mailto:[email protected]>> wrote: [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. https://benjojo.co.uk/u/benjojo/h/r1zj333N4L6cF7P1xv i would be interested in what lessons are learned about protecting one's rir accounts randy -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is confidential and privileged information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
-- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ripe-list
