[arin-ppml] Fwd: [ncc-announce] Security Breach: Please Enable Two-Factor Authentication

Thu Jan 4 09:21:02 EST 2024

https://benjojo.co.uk/u/benjojo/h/r1zj333N4L6cF7P1xv
 ---- On Thu,04 Jan 2024 16:55:05 -0500  mike at iptrading.com  wrote ----I thought this situation would be of interest to the Arin community.Regards,Mike============ Forwarded Message ============From : hph+announce at ripe.netTo : ncc-announce at ripe.netDate : Thu,04 Jan 2024 15:47:13 -0500Subject : [ncc-announce] Security Breach: Please Enable Two-Factor Authentication============ Forwarded Message ============Dear colleagues,

In light of the recent incident where a RIPE NCC Access account was compromised, we urge you to review your own account security.

-------------------------------
Two-Factor Authentication
-------------------------------
If you have not already done so, enable two-factor authentication on your RIPE NCC Access account. Using two-factor authentication across all of your accounts can reduce your exposure to attacks like these. 

The guide for setting up two-factor authentication on your Access account can be found at:
https://www.ripe.net/participate/member-support/ripe-ncc-access/two-step-verification

-------------------------------
Password Recommendations
-------------------------------
We also encourage account holders to change their Access account password and follow these recommendations: 

- Avoid reusing passwords for login credentials.
- Use a password manager to automatically create random passwords and store them.
- If you use a SaaS based password management tool, enable dark web monitoring for your own credentials.

If you choose to create your own password: 
- Use at least 14 characters to create a password.
- Using passphrases can be helpful such as a favourite quote, fictional character name or line of song to greatly increase the length of the password while also making it easier to remember. 

We are currently investigating the compromise of the RIPE NCC Access account and continue to work with the account holder in question. 

We would also like to share that we are routinely responding to notifications of possible public breaches containing RIPE NCC Access accounts and actively resetting account passwords while notifying the account holders. In line with the previous resolution by the Executive Board, we are reporting all cases of attempted fraud to the Dutch authorities:
https://www.ripe.net/about-us/executive-board/minutes/2017/minutes-110th-executive-board-meeting

Rest assured that the RIPE NCC is committed to taking the necessary steps to ensure the security of our services. We are currently investigating how we can change our roadmaps to make two-step verification mandatory for all RIPE NCC Access accounts as soon as possible and, in the longer term, offer a wider variety of verification mechanisms. 

If you suspect that your account might be impacted, please report it to security at ripe.net.

Kind regards,
Hans Petter Holen
Managing Director and CEO,
RIPE NCC

_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net if you experience any issues.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20240104/71861bd5/attachment.htm>