Both methods have their advantages, but the second one is a bit more lucrative.<\/p>\n\n\n\n
Today we will provide you with a guide on how to implement each of the two methods for your Sophos 2 factor authentication and answer the most common questions on Protectimus OTP tokens for Sophos client authentication.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
Definitions<\/strong><\/h2>\n\n\n\nLet’s give a couple of definitions for a better understanding of what comes next, so you won\u2019t have to google \u201cWhat is OTP?\u201d or \u201cwhat is a token?\u201d First things first \u2014 OTP stands for One Time Password<\/a>. Once generated, one OTP is valid only for one single transaction. Now let\u2019s move to the more complicated matters.<\/p>\n\n\n\n- OTP secret<\/em> \u2014 a completely unique 128bit encryption key, used for password creation. Each user has his or her own secret.<\/li>
- OTP code<\/em> \u2014 a time-limited one-time code, usually consists of 6 digits and is attached to the user passwords to allow authentication.<\/li>
- OTP token<\/em> \u2014 an object that assembles each of the necessary authentication elements (User, OTP secret, OTP pass).<\/li><\/ul>\n\n\n\n
| Read also:<\/span> How does 2-factor authentication work?<\/a><\/p>\n\n\n\nHow to Enable Automatic Creation of OTP tokens in Sophos<\/strong><\/h2>\n\n\n\nNote: To configure programmable hardware token Protectimus Slim NFC you\u2019ll need an Android smartphone with NFC support.<\/strong><\/p>\n\n\n\nVirtually every Sophos product comes with this option (Sophos UTM, Sophos Central, Sophos XG Firewall and others).<\/p>\n\n\n\n
For example, Sophos Central 2FA can be done via SMS<\/a> or a 2FA application<\/a>, which allows for switching to our Slim NFC hardware token. And thus upping the Sophos 2FA security level to the highest. Let\u2019s see the steps to enable this option.<\/p>\n\n\n\n<\/p>
- Go to the One-Time Password tab<\/strong>
To do this go to the Settings section at Configure > Authentication > One-Time Password.![\"Sophos](\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/11\/Sophos-two-factor-authentication-1.png\"\/)
<\/p> <\/li>
- Enable Auto-create OTP tokens feature<\/strong>
To permit the OTP and Auto-create tokens features, simply switch both buttons to \u2018on\u2019, don’t forget the \u2018Apply\u2019 button at the bottom.![\"Sophos](\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/11\/Sophos-two-factor-authentication-2.png\"\/)
<\/p> <\/li>
- Get the QR code with the secret key<\/strong>
Go to the user login page at Sophos. Since we\u2019ve turned the auto-create option on, the login page now offers a QR code.![\"Sophos](\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/11\/Sophos-two-factor-authentication-4.png\"\/)
<\/p> <\/li>
- Configure Slim NFC for Sophos multi-factor authentication<\/strong>
4.1. Download and launch the Protectimus TOTP Burner application<\/a> (available for Android only).![\"Sophos](\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/11\/Sophos-two-factor-authentication-3.png\"\/)
<\/p> <\/li>- Log in by combining your user password with OTP<\/strong>
Return to the User Portal and log in by combining your user password with your Sophos OTP generated using the Protectimus Slim NFC token. The password will look something like this \u2014 userpass123456, where \u201cuserpass\u201d is the password created by the user and \u201c123456\u201d is the OTP generated by the token.<\/p> <\/li><\/ol><\/div>\n\n\n\n
| Read also:<\/span> The Pros and Cons of Different Two-Factor Authentication Types and Methods<\/a><\/p>\n\n\n\nHow to Add Classic Hardware Tokens to Sophos XG and UTM<\/strong><\/h2>\n\n\n\nThe following guide is done with Sophos XG user authentication but the steps are pretty much the same for Sophos UTM two-factor authentication. The guides for Sophos UTM vs XG look alike, here’s the one<\/a> for the unified threat management for you to check out.<\/p>\n\n\n\n1. Enable OTP.<\/strong> <\/p>\n\n\n\nTo do this go to the Settings section at the One-Time Password tab in Configure > Authentication, switch the ‘Enable OTP’ feature on.<\/p>\n\n\n\n
And set up the necessary timestep depending on the model of the classic hardware token you use: <\/p>\n\n\n\n
- 60 seconds for Protectimus Crystal<\/a><\/li>
- 30 seconds for Protectimus Two<\/a><\/li><\/ul>\n\n\n\n
![\"Sophos](\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/11\/Sophos-two-factor-authentication-5-1024x426.png\")
<\/figure>\n\n\n\n2. Start adding the OTP token manually.<\/strong><\/p>\n\n\n\nPress the ‘Add’ button to manually add Sophos XG or Sophos UTM OTP token.<\/p>\n\n\n\n![\"Sophos](\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/11\/Sophos-two-factor-authentication-6.png\")
<\/figure>\n\n\n\n3. Select a user and add the secret key<\/strong><\/p>\n\n\n\nSelect a user and add the secret key to authorize this Sophos XG firewall two-factor authentication token to the chosen user account.<\/p>\n\n\n\n![\"Sophos](\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/11\/Sophos-two-factor-authentication-7.png\")
<\/figure>\n\n\n\nNow the selected account has Sophos XG OTP switched on.<\/p>\n\n\n\n
| Read more:<\/span> 4 Reasons Two-Factor Authentication Isn\u2019t a Panacea<\/a><\/p>\n\n\n\nSophos 2FA Backup Codes<\/strong><\/h2>\n\n\n\nIn Sophos XG 2-factor authentication you can have 10 more emergency passcodes in case a user lost the Sophos two-factor authentication device. To create these additional codes go to the user account you want to enable them for and click the edit button. Find the advanced section and the additional codes field at its bottom:<\/p>\n\n\n\n![\"Sophos](\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/11\/Sophos-two-factor-authentication-8.png\")
\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
By clicking the \u2018+\u2019 you will automatically create 10 additional passcodes each consisting of 6 digits.<\/p>\n\n\n\n
The user will have to request an additional code from the administrator.<\/p>\n\n\n\n
| Read also:<\/span> How to Backup Google Authenticator or Transfer It to a New Phone<\/a><\/p>\n\n\n\nFAQ<\/strong><\/h2>\n\n\n\nWhich Protectimus hardware tokens can be used for Sophos two factor login verification and how much will they be?<\/strong><\/strong> Protectimus Two<\/a> \u2014 $10.99, Protectimus Crystal<\/a> \u2014 $11.99, re-programmable token Protectimus Slim NFC<\/a> \u2014 $29.99 plus shipping.<\/p> <\/div> What is the minimum quantity of tokens for Sophos Firewall that can be ordered?<\/strong><\/strong> Any Protectimus order can be as small as only one token.<\/p> <\/div>
Are there any discounts for Sophos Firewall tokens?<\/strong><\/strong> Sure, the discounts start from 50 pieces an order.<\/p> <\/div>
Does Protectimus Slim NFC support multiple secret keys (seeds)?<\/strong><\/strong> Only one seed at a time is allowed. But the best feature of the Slim NFC token is that it can be reused. You just need to program it for another account once the initial one is no longer in use.<\/p> <\/div>
Can I order a hardware token with my company logo?<\/strong><\/strong> Protectimus Slim NFC device can be branded from as small as one device per order. Protectimus TWO branding can be done from 1000 pieces per order.<\/p> <\/div> <\/div>\n\n\n\n
Read more:<\/strong><\/h2>\n\n\n\n- 10 Steps to Eliminate Digital Security Risks in Fintech Project<\/a><\/li>
- 2FA Chatbots vs. SMS Authentication<\/a><\/li>
- Time Drift in TOTP Hardware Tokens Explained and Solved<\/a><\/li>
- 2FA Security Flaws You Should Know About<\/a><\/li>
- Office 365 MFA Hardware Token<\/a><\/li>
- Hardware Tokens for Azure MFA<\/a><\/li>
- Two-factor authentication for Windows 7, 8, 10<\/a><\/li>
- PayPal Two-Factor Authentication with Hardware Security Key<\/a><\/li>
- Man In The Middle Attack Prevention And Detection<\/a><\/li>
- Ransomware \u2013 to Pay or Not to Pay<\/a><\/li><\/ul>\n<\/span>","protected":false},"excerpt":{"rendered":"
Sophos solutions allow for reinforcing Sophos 2FA (two-factor authentication) with Protectimus OTP hardware tokens with one of these two methods: Enabling \u2018Auto-create OTP tokens for users’ feature. This automatic method allows for using our programmable Slim NFC token instead of the standard application for multi-factor authentication. Disabling \u2018Auto-create OTP tokens for users’ feature. This manual […]<\/p>\n","protected":false},"author":6,"featured_media":5771,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[15,329],"tags":[16,12,120,10,194,479,335,478,421,976,139,581,99],"class_list":["post-5749","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-rd","category-setup-guides","tag-2fa","tag-mfa","tag-multifactor-authentication","tag-otp","tag-protectimus-en","tag-protectimus-crystal","tag-protectimus-slim-nfc-en","tag-protectimus-two","tag-setup-guides","tag-sophos","tag-tokens","tag-totp","tag-two-factor-authentication"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/5749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/comments?post=5749"}],"version-history":[{"count":28,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/5749\/revisions"}],"predecessor-version":[{"id":6754,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/5749\/revisions\/6754"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media\/5771"}],"wp:attachment":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media?parent=5749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/categories?post=5749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/tags?post=5749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- OTP secret<\/em> \u2014 a completely unique 128bit encryption key, used for password creation. Each user has his or her own secret.<\/li>
- OTP code<\/em> \u2014 a time-limited one-time code, usually consists of 6 digits and is attached to the user passwords to allow authentication.<\/li>
- OTP token<\/em> \u2014 an object that assembles each of the necessary authentication elements (User, OTP secret, OTP pass).<\/li><\/ul>\n\n\n\n
| Read also:<\/span> How does 2-factor authentication work?<\/a><\/p>\n\n\n\n
How to Enable Automatic Creation of OTP tokens in Sophos<\/strong><\/h2>\n\n\n\n
Note: To configure programmable hardware token Protectimus Slim NFC you\u2019ll need an Android smartphone with NFC support.<\/strong><\/p>\n\n\n\n
Virtually every Sophos product comes with this option (Sophos UTM, Sophos Central, Sophos XG Firewall and others).<\/p>\n\n\n\n
For example, Sophos Central 2FA can be done via SMS<\/a> or a 2FA application<\/a>, which allows for switching to our Slim NFC hardware token. And thus upping the Sophos 2FA security level to the highest. Let\u2019s see the steps to enable this option.<\/p>\n\n\n\n
<\/p>
- Go to the One-Time Password tab<\/strong>
To do this go to the Settings section at Configure > Authentication > One-Time Password.
<\/p> <\/li>- Enable Auto-create OTP tokens feature<\/strong>
To permit the OTP and Auto-create tokens features, simply switch both buttons to \u2018on\u2019, don’t forget the \u2018Apply\u2019 button at the bottom.
<\/p> <\/li>- Get the QR code with the secret key<\/strong>
Go to the user login page at Sophos. Since we\u2019ve turned the auto-create option on, the login page now offers a QR code.
<\/p> <\/li>- Configure Slim NFC for Sophos multi-factor authentication<\/strong>
4.1. Download and launch the Protectimus TOTP Burner application<\/a> (available for Android only).
<\/p> <\/li>- Log in by combining your user password with OTP<\/strong>
Return to the User Portal and log in by combining your user password with your Sophos OTP generated using the Protectimus Slim NFC token. The password will look something like this \u2014 userpass123456, where \u201cuserpass\u201d is the password created by the user and \u201c123456\u201d is the OTP generated by the token.<\/p> <\/li><\/ol><\/div>\n\n\n\n
| Read also:<\/span> The Pros and Cons of Different Two-Factor Authentication Types and Methods<\/a><\/p>\n\n\n\n
How to Add Classic Hardware Tokens to Sophos XG and UTM<\/strong><\/h2>\n\n\n\n
The following guide is done with Sophos XG user authentication but the steps are pretty much the same for Sophos UTM two-factor authentication. The guides for Sophos UTM vs XG look alike, here’s the one<\/a> for the unified threat management for you to check out.<\/p>\n\n\n\n
1. Enable OTP.<\/strong> <\/p>\n\n\n\n
To do this go to the Settings section at the One-Time Password tab in Configure > Authentication, switch the ‘Enable OTP’ feature on.<\/p>\n\n\n\n
And set up the necessary timestep depending on the model of the classic hardware token you use: <\/p>\n\n\n\n
- 60 seconds for Protectimus Crystal<\/a><\/li>
- 30 seconds for Protectimus Two<\/a><\/li><\/ul>\n\n\n\n
<\/figure>\n\n\n\n2. Start adding the OTP token manually.<\/strong><\/p>\n\n\n\n
Press the ‘Add’ button to manually add Sophos XG or Sophos UTM OTP token.<\/p>\n\n\n\n
<\/figure>\n\n\n\n3. Select a user and add the secret key<\/strong><\/p>\n\n\n\n
Select a user and add the secret key to authorize this Sophos XG firewall two-factor authentication token to the chosen user account.<\/p>\n\n\n\n
<\/figure>\n\n\n\nNow the selected account has Sophos XG OTP switched on.<\/p>\n\n\n\n
| Read more:<\/span> 4 Reasons Two-Factor Authentication Isn\u2019t a Panacea<\/a><\/p>\n\n\n\n
Sophos 2FA Backup Codes<\/strong><\/h2>\n\n\n\n
In Sophos XG 2-factor authentication you can have 10 more emergency passcodes in case a user lost the Sophos two-factor authentication device. To create these additional codes go to the user account you want to enable them for and click the edit button. Find the advanced section and the additional codes field at its bottom:<\/p>\n\n\n\n
\n\n\n\n<\/p>\n\n\n\n
<\/p>\n\n\n\n
By clicking the \u2018+\u2019 you will automatically create 10 additional passcodes each consisting of 6 digits.<\/p>\n\n\n\n
The user will have to request an additional code from the administrator.<\/p>\n\n\n\n
| Read also:<\/span> How to Backup Google Authenticator or Transfer It to a New Phone<\/a><\/p>\n\n\n\n
FAQ<\/strong><\/h2>\n\n\n\n
Which Protectimus hardware tokens can be used for Sophos two factor login verification and how much will they be?<\/strong><\/strong>Protectimus Two<\/a> \u2014 $10.99, Protectimus Crystal<\/a> \u2014 $11.99, re-programmable token Protectimus Slim NFC<\/a> \u2014 $29.99 plus shipping.<\/p> <\/div>
What is the minimum quantity of tokens for Sophos Firewall that can be ordered?<\/strong><\/strong>Any Protectimus order can be as small as only one token.<\/p> <\/div>
Are there any discounts for Sophos Firewall tokens?<\/strong><\/strong>Sure, the discounts start from 50 pieces an order.<\/p> <\/div>
Does Protectimus Slim NFC support multiple secret keys (seeds)?<\/strong><\/strong>Only one seed at a time is allowed. But the best feature of the Slim NFC token is that it can be reused. You just need to program it for another account once the initial one is no longer in use.<\/p> <\/div>
Can I order a hardware token with my company logo?<\/strong><\/strong>Protectimus Slim NFC device can be branded from as small as one device per order. Protectimus TWO branding can be done from 1000 pieces per order.<\/p> <\/div> <\/div>\n\n\n\n
Read more:<\/strong><\/h2>\n\n\n\n
- 10 Steps to Eliminate Digital Security Risks in Fintech Project<\/a><\/li>
- 2FA Chatbots vs. SMS Authentication<\/a><\/li>
- Time Drift in TOTP Hardware Tokens Explained and Solved<\/a><\/li>
- 2FA Security Flaws You Should Know About<\/a><\/li>
- Office 365 MFA Hardware Token<\/a><\/li>
- Hardware Tokens for Azure MFA<\/a><\/li>
- Two-factor authentication for Windows 7, 8, 10<\/a><\/li>
- PayPal Two-Factor Authentication with Hardware Security Key<\/a><\/li>
- Man In The Middle Attack Prevention And Detection<\/a><\/li>
- Ransomware \u2013 to Pay or Not to Pay<\/a><\/li><\/ul>\n<\/span>","protected":false},"excerpt":{"rendered":"
Sophos solutions allow for reinforcing Sophos 2FA (two-factor authentication) with Protectimus OTP hardware tokens with one of these two methods: Enabling \u2018Auto-create OTP tokens for users’ feature. This automatic method allows for using our programmable Slim NFC token instead of the standard application for multi-factor authentication. Disabling \u2018Auto-create OTP tokens for users’ feature. This manual […]<\/p>\n","protected":false},"author":6,"featured_media":5771,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[15,329],"tags":[16,12,120,10,194,479,335,478,421,976,139,581,99],"class_list":["post-5749","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-rd","category-setup-guides","tag-2fa","tag-mfa","tag-multifactor-authentication","tag-otp","tag-protectimus-en","tag-protectimus-crystal","tag-protectimus-slim-nfc-en","tag-protectimus-two","tag-setup-guides","tag-sophos","tag-tokens","tag-totp","tag-two-factor-authentication"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/5749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/comments?post=5749"}],"version-history":[{"count":28,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/5749\/revisions"}],"predecessor-version":[{"id":6754,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/5749\/revisions\/6754"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media\/5771"}],"wp:attachment":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media?parent=5749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/categories?post=5749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/tags?post=5749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- 2FA Chatbots vs. SMS Authentication<\/a><\/li>
- 30 seconds for Protectimus Two<\/a><\/li><\/ul>\n\n\n\n
- Enable Auto-create OTP tokens feature<\/strong>
- OTP code<\/em> \u2014 a time-limited one-time code, usually consists of 6 digits and is attached to the user passwords to allow authentication.<\/li>