Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Separate MFA field for admin portal login

Hello,

I use a password manager, 1Password, to fill my login credentials for the Sophos Firewall admin login page. I have MFA enabled for the admin users, which requires me to add an MFA code each time I login. This is great, and as expected. However, the MFA code is added to the password field, following the password. This is causing several issues as follows:

  • No visual indicator that I need to add the MFA code, which means I need to remember that for this login page I need to do something special. This is not great UX, I should not need to remember that I need to put an MFA code in a special place in the password field, so sometimes I forget, and it takes me longer to login.
    • Due to changes in SFOS 20.0.1 MR-1-Build342 I will be blocked after two failed logins, which will certainly happen due to the point above.
  • The 1Password, password manager, determines that I am changing my password every time I login with a new string in the password field. This is good, expected behaviour on every single other login page, but is absolutely maddening on the Sophos Firewall page because I am not changing my password.

I have scoured for the config setting to change this, to have a third separate field on the login page for the MFA code, but I cannot find how to do it.

How are you managing this? Do you also find this frustrating?

If the option for a third, separate, field for the OTP/MFA/2FA does not currently exist, could such an option be added as a feature request?

Sophos Firewall Admin Login page with username and password fields, but no OTP code field.

Image 1. Sophos Firewall Admin Login page with username and password fields, but no OTP code field.



Edited TAGs
[edited by: Raphael Alganes at 3:19 PM (GMT -7) on 11 Jun 2024]
Parents Reply
  • LuCar, not everyone is keen to use any sort of cloud ID provider, etc. (most of my customers are not, for example).  Raphael, I recommend bringing this up with your reseller so they can put in a feature request, etc.  You can also try creating a feature request via Sophos Support.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children