Sophos XG 17.5 MR12 Mandatory Password Reset Page???

Question

We updated our Sophos XG Firewall to the latest firmware (17.5 MR12) last week. One of the local administrators logged in today to monitor the firewall and this appeared. 
 
 Is this legitimate or can anyone send me an article about this from Sophos? 
 
 We already reset our local and device administrator password last April 2020 and again they are requiring us to change again our passwords. 
 
 Thank you in advance for those who will help. God bless us all.

FloSupport · Accepted Answer

Hi All, 
 Sophos is enforcing a password reset for the XG administrator and all other local administrator accounts that have not reset passwords since the security hotfix was applied at 2200 UTC on April 25, 2020. Where required, administrative accounts will be prompted to change passwords upon logging into an XG Firewall. The password reset is shown only on an XG Firewall that was identified as impacted AND the password has not been changed since 2200 UTC on April 25, 2020. 
 Admins will still receive the password reset request even if multi-factor authentication is enabled. The last date/time check for the password change is determined locally on the firewall from logged events. In the event a positive determination cannot be made, admins will be forced to change their password.