Hi All,
We have set up dual authentication on our Sophos XG. When users log into the sophos firewall user portal with just their passwords, they are prompted to set up the one time password. After setting up, they need to sign in using their password and their one time code.
The problem is even after they set up their one time password, they are able to sign in and set up another one time password application by signing into the user portal with just their password again. This is a security risk since anyone with an active username and password will be able to set up with second authentication.
Is there any way to restrict this? We don't want users to be able to set up their app passwords at any time.
This thread was automatically locked due to age.