Hello,
I use a password manager, 1Password, to fill my login credentials for the Sophos Firewall admin login page. I have MFA enabled for the admin users, which requires me to add an MFA code each time I login. This is great, and as expected. However, the MFA code is added to the password field, following the password. This is causing several issues as follows:
- No visual indicator that I need to add the MFA code, which means I need to remember that for this login page I need to do something special. This is not great UX, I should not need to remember that I need to put an MFA code in a special place in the password field, so sometimes I forget, and it takes me longer to login.
- Due to changes in SFOS 20.0.1 MR-1-Build342 I will be blocked after two failed logins, which will certainly happen due to the point above.
- The 1Password, password manager, determines that I am changing my password every time I login with a new string in the password field. This is good, expected behaviour on every single other login page, but is absolutely maddening on the Sophos Firewall page because I am not changing my password.
I have scoured for the config setting to change this, to have a third separate field on the login page for the MFA code, but I cannot find how to do it.
How are you managing this? Do you also find this frustrating?
If the option for a third, separate, field for the OTP/MFA/2FA does not currently exist, could such an option be added as a feature request?
Image 1. Sophos Firewall Admin Login page with username and password fields, but no OTP code field.
Edited TAGs
[edited by: Raphael Alganes at 3:19 PM (GMT -7) on 11 Jun 2024]
