Bogdan-Stefan,
I agree with your remark about the fact that 2FA using an Authenticator on the same system used for the login defeats its purpose.
Thus, if I accept the risk that my PC could be hacked and RIPE clearly also accepts running 2FA on a PC running Linux then I reckon that running a 2FA Authenticator on Windows or even macOS should also be made possible.
I therefore stand by my question how to enable an Authenticator on a PC if already enabled on another device. More than 95% of users don’t use Linux on their desktop. Then only referring to an arcane Linux CLI tool is a bit limiting.
I installed that toolkit on WSL2 on my PC and it installed fine but to use it I still need the secret key that was used to enable 2FA. Which I don’t have and is also not available on my profile page. Tried exporting it in Google Authenticator which gives a QR code, pointed WinAuth to the URL where I stored it. Didn’t work.
On 25 Mar 2024, at 12:40, Bogdan-Stefan Rotariu <bogdan@rotariu.ro> wrote:
Hello,
The scope of 2FA is to use a secondary device to get the authorisation codes. We saw hacked PC’s that had Authy or any other 2FA Apps, and the attackers used those to obtain the codes and hijacked accounts.
So using a 2FA App on the same device that you’re using to login and authorise at the same time defeats the purpose of the 2FA.
We are try now to teach our users and employees to stop using desktop apps for 2FA code generators and I encourage you to do the same, even if it adds a second layer (as expected) of effort for you.
Thanks,
On 25 Mar 2024, at 13:13, Ernst J. Oud <ernstoud@gmail.com> wrote:
Hi,
I enabled 2FA for Atlas website access. Works fine on my iPad and Android phone, using the Google Authenticator. However not always I have these devices with me when I want access via my Windows PC.
I installed WinAuth on my PC but it needs the secret key that is generated when 2FA is enabled. Is there a way to get this secret key for this purpose? Tried exporting from Google Authenticator but that only supplies a QR code, not the key.
Is there a way to use both a tablet/phone and a PC for authentication?
I read that in Q1 2FA will be enforced. I am a bit amazed that there has been no further announcement in this group with some help. The page on 2FA only mentions the Oauth Toolkit for Linux. No help whatsoever for Windows users.
Any clues?
Regards,
Ernst J. Oud
--
ripe-atlas mailing list
ripe-atlas@ripe.net
https://lists.ripe.net/mailman/listinfo/ripe-atlas
-- ripe-atlas mailing listripe-atlas@ripe.nethttps://lists.ripe.net/mailman/listinfo/ripe-atlas