This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Set Up for One Time Password (Dual Authentication) on Sophos XG allows any user to set up application for codes

Hi All,

We have set up dual authentication on our Sophos XG. When users log into the sophos firewall user portal with just their passwords, they are prompted to set up the one time password. After setting up, they need to sign in using their password and their one time code.

The problem is even after they set up their one time password, they are able to sign in and set up another one time password application by signing into the user portal with just their password again. This is a security risk since anyone with an active username and password will be able to set up with second authentication.

Is there any way to restrict this? We don't want users to be able to set up their app passwords at any time.

This thread was automatically locked due to age.

Parents

0 QC over 6 years ago

Hello KaylaAdmin Turzak,

as this is an XG question - please join the XG group so that this thread can be moved.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 KaylaAdmin Turzak over 6 years ago in reply to QC

Thanks, moved it to here: https://community.sophos.com/products/xg-firewall/f/intrusion-prevention/100911/set-up-for-one-time-password-dual-authentication-on-sophos-xg-allows-any-user-to-set-up-application-for-codes
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 KaylaAdmin Turzak over 6 years ago in reply to QC

Thanks, moved it to here: https://community.sophos.com/products/xg-firewall/f/intrusion-prevention/100911/set-up-for-one-time-password-dual-authentication-on-sophos-xg-allows-any-user-to-set-up-application-for-codes
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data