Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
Source: Partner News: SophosID is Migrating – Please Log in With Your SophosID
SophosID is migrating identity providers. As a result, you are required to log in to any application using your SophosID before March 31, 2020 in order to maintain your current credentials. After March 31, if you have not already logged in with your SophosID you will be required to perform a password reset.
We are in progress of changing the Identity Provider behind SophosID, the identity you use to log in to the Sophos Partner Portal as well as several other Sophos online resources. We began the migration process in early February 2020 and have been silently migrating identities as they log in. If you’re one of the tens of thousands to have recently logged in, congratulations! Your work here is done, and you’ve already been migrated.
Applications using SophosID include (but are not limited to) the following list below. If you log in to any of these, we’ll be able to migrate your identity:
Author's Note - 3/19/20 - SecBug
Hey all. I'm going to answer a bunch of your questions in one fell swoop so get comfy as this will be a long one :)
Totally get where you're all coming from regarding the subject line. To be honest, there wasn't going to be a decent way to get the message across. Needing to ask people to log in is _always_ going to look a bit phishy. The constant barrage of phishing emails I'm sure we all end up receiving does train us to be very wary of ANYTHING asking us to log in.
I'm really proud to see a lot of people used their noggins and googled instead - that's exactly what I would have done! We put the various blog posts out there for this exact reason. Also, we avoided putting direct links to the login portals in the email, instead pointing people to this very Community article instead. We did use our URL shortener soph.so but a whois will show that registered to Sophos HQ in the United Kingdom.
SophosID is an identity used to log into various Sophos properties but it is not directly connected to your Sophos Central (previously known as Sophos Cloud) account. The only exception is when you're a partner as you'll be using your SophosID to log into the Central Partner Dashboard via the Sophos Partner Portal.
The list at the bottom of the blog post is pretty much the exhaustive list of things that use SophosID.
You only need to log in once and it doesn't matter what computer you do it from. SophosID is not related to your endpoint protection, instead it's used for things like licensing, support, forums, training portal, etc.
This will not affect your endusers. This is just related to you and your account. You might have received this and been confused as you don't use Sophos. Likely, at some point in the past, you created a SophosID if you were using our on-premise products (maybe for a trial or you owned them) as we do all the downloads and licensing via MySophos. Or maybe you joined our forums to leave a comment. The list of applications above will hopefully give you an idea what you signed up with us for.
The domain spoofing that John Coates mentioned is likely due to the email system this was sent from was not in sophos.com's DNS. I'll dig into this so thanks for the heads up.
Password manager issue, likely a GET somewhere on the page that is triggering a basic security check it performs. All authentication is done over an encrypted TLS session so there's nothing to be concerned about.
For a little more insight into why we had to ask people to do this - we're changing our backend identity provider. As we store all customer/user credentials securely, we have no way of accessing the plaintext passwords of our users (for jolly good reason!). To create a new identity for you in the new provider, we need you to successfully log in using your SophosID (authenticating against the old provider). We can then use the provided credentials to create a new identity in the new provider and securely (cryptographically) store those credentials.
We've been doing this migration silently for the past few months and this email was sent to help push us over the finishing line and finish getting everyone migrated. When we turn off the old identity provider, we're not going to be able to validate the credentials you provide when you log in. Therefore a password reset is required so that we can validate you are in control of the account you registered with and we can get you created in the new identity store.
If you've read all the way to the bottom - bravo! Thanks for taking the time and I hope this has helped you understand a little more about this migration.
If you need a little pick-me-up, a chuckle, and some security news, we're trying to stay our usual silly and up-beat selves on the Naked Security podcast (soundcloud.com/sophossecurity). We don't do advertising or anything, it's literally just our way or providing a little entertainment that is suitable for "work" :)
It goes without saying - please stay strong and look after yourselves and your health. My heart goes out to all of you right now. With everyone isolating, working from home/remotely, and so on, the pressure you must be facing to keep your businesses IT running must be immense. IT admins, SOC team members, general blue-team superheroes, and everyone knee-deep in cat5e cables, I salute you.
what for this change n what is the use.
The email that brought me here had the subject "Please Log in With Your SophosID to Avoid a Password Reset". I nearly deleted it, as that's a pretty spammy/phishy kinda subject. Come on Sophos - you're in the IT security business, you can write better messages than that!
Couldn't agree more, I though it was a phising email at first.
Indeed! And only two weeks time... Could they not give us a warning in advance?
I also nearly deleted the e-mail when I read 'Please Log In With Your SophosID to Avoid a Password Reset'; an e-mail subject doesnt get much shadier than that. You can do better than this, Sophos!
I was very suspicious of the email... however the biggest clue was they were only asking me to log in to my account, not click a link.
I did still Google search it though (which brought me here) just to be on the safe side.
How can it be that I use your service? I don't have anything in my records. How can I learn which services or sites have I been connected to with your service? I dont find anything in "My Application" tab here.
Do I have to do this on every machine or just the main account?
When I received this email into one of my email accounts, I received the following warning:
"This email has failed its domain's authentication requirements. It may be spoofed or improperly forwarded!"
why does my password manager tell me this is an insecure login form?
We haven't used Sophos Cloud in years. Why do we still have an active account? I'm the super admin for it our account, why can't I delete it?
Can we please get a list of all applications that are affected? I'm specifically interested in knowing if this affects reflexion users.
Sure would be nice to have some more specific information. Like, a comprehensive list of what you define as a "Sophos application". How will this effect users? Why am I the only person in my org that received this?
SophosID migreert haar identiteitsproviders. Daarom ben je verplicht om voor 31 maart 2020 in te loggen op een applicatie met je SophosID om je huidige inloggegevens te behouden. Als je na 31 maart nog niet bent ingelogd met je SophosID, moet je een wachtwoord-reset uitvoeren.