Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 28 subscribers
  • Views 1657 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OTP / 2FA for built-in Admin User

LHerzog

Hi,

from this 4y old threat it seems, it is not possible to enable 2FA for the default admin user.

https://community.sophos.com/sophos-xg-firewall/f/discussions/89815/2fa-for-admin-user-in-webadmin-logon

is that still correct?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to LHerzog

    Well, you don't even need that. You can the 16 character code from looking at the HTML code. It's just not convenient.

    The REAL issue I have is with how the login is implemented. Why do you have to append the OTP code to the end of the password? I have never seen any other login page that works this way. Are there any plans to design a proper login with a separate OTP field?

  • 0 in reply to Andy Raphael

    you don't know if the user that connects has OTP enabled or not. So why showing an OTP field if one may not need it.

    I would agree that it makes sense to show such, if you enable this checkbox in the middle:

    btw: nice thing that you found it on the source code!

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?