Starting in September, Sophos will be requiring multi-factor authentication (MFA) for all Sophos Central administrators.
No action is necessary at this time. Beginning in early September, any Sophos Central administrators who aren't already using MFA will simply be redirected to the MFA setup process automatically the next time they log in.
MFA has been enabled by default (with an opt-out feature) for new Sophos Central accounts since October of 2019. This initiative is simply meant to provide all administrators with an additional layer of protection.
If you're not familiar with MFA, it provides additional and valuable login security so that if username and password credentials are stolen, authentication isn’t possible without an additional factor. You can read more about the benefits of MFA here.
As a second authentication factor, we recommend using the Google Authenticator app, which is available for free in the App Store and Google Play. Administrators can also opt to receive text messages or email messages instead.
Sophos Central Super Admins who wish to enable MFA for their teams before September are encouraged to do so. Simply log into Sophos Central, navigate to Global Settings, and choose "Multi-factor Authentication (MFA)" under the “General” heading.
Sophos Central > Global Settings > General > Multi-factor Authentication (MFA)
From there, MFA can be enabled for all admins. Detailed instructions can be found here.