How to protect the build in admin account ?

Question

Hello, 
 Seems it is not possible to use OTP with the built in admin account. What is a sound strategy to protect the built-in admin account, other than giving it a very strong password and not using it unless absolutely necessary please ? 
 Thanks !

rfcat_vk · Accepted Answer

Restrict the IP addresses that can access it.

lferrara · Answer

Koen, 
 AFAIK you cannot enable the OTP on admin because the OTP service starts after the O.S and so it will not simply work. To enable it, Sophos has to change a lot of configuration inside the Kernel. 
 You can raise a feature request on ideas.sophos.com for that. 
 The other option as rfcat_vk suggested, is to restrict the access from one ip or use a really strong password for admin. 
 Regards,