One-time Password
On this page, you can configure the one-time password (OTP) service, and monitor or edit the tokens of the one-time-password users.
One-time passwords are a method to improve security for password-based authentication. The user-specific password, which is sometimes too weak, is supplemented with a one-time password that is valid for only one login. Thus, even if an attacker gets hold of it, he will not be able to log in with it.
One-time passwords generally change at regular intervals and are calculated automatically by a specific algorithm. Soon after a new password is calculated, the old password expires automatically. To calculate one-time passwords, the user needs either a mobile device with appropriate software, or a special hardware or security token. Hardware tokens are ready to use from the start. On the mobile device, the end user needs to install Sophos Authenticator or similar software and deploy the configuration, which is available on the start page or on the OTP Token page. Having done that, the device calculates one-time passwords in token-specific intervals. It is important that date and time are correct on the mobile device, as the time stamp is used for one-time password generation.
* To authenticate on the facilities where the one-time password is required, the user has to enter his user-specific device password, directly followed by the one-time password.
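The login flow described above (password directly followed by a time-based code), as an added example that is not Sophos code. It assumes the RFC 6238 TOTP algorithm with HMAC-SHA1, a 30-second interval, 6-digit codes and a tolerance of one interval, none of which this page states; the function names, secret and timestamp are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (assumed; the page only says "token-specific intervals")
DIGITS = 6   # code length (assumed)

def totp(secret_hex: str, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a hex-encoded shared secret."""
    counter = struct.pack(">Q", max(0, int(unix_time)) // STEP)
    mac = hmac.new(bytes.fromhex(secret_hex), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def split_login(entered: str):
    """Split 'password directly followed by OTP' into (password, otp), or None."""
    if len(entered) <= DIGITS or not entered[-DIGITS:].isdigit():
        return None
    return entered[:-DIGITS], entered[-DIGITS:]

def verify(entered: str, password: str, secret_hex: str,
           server_time: int, window: int = 1) -> bool:
    """Accept only if the password matches and the OTP is valid within +/- window steps."""
    parts = split_login(entered)
    if parts is None:
        return False
    pw_ok = hmac.compare_digest(parts[0].encode(), password.encode())
    otp_ok = False
    for drift in range(-window, window + 1):
        candidate = totp(secret_hex, server_time + drift * STEP)
        otp_ok |= hmac.compare_digest(candidate.encode(), parts[1].encode())
    return pw_ok and otp_ok

if __name__ == "__main__":
    secret = "00112233445566778899aabbccddeeff"  # constructed 32-hex secret
    device_time = 1_700_000_000                  # constructed timestamp
    entered = "S3cret!pw" + totp(secret, device_time)
    print(verify(entered, "S3cret!pw", secret, device_time))        # clocks agree
    print(verify(entered, "S3cret!pw", secret, device_time + 300))  # device clock 5 minutes off
```

The second call shows why a wrong clock on the mobile device leads to rejected logins: the code was computed for a time step the server no longer accepts.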
The administrator can also manually generate one-time passwords, also known as passcodes, while editing the token. In this case, you have to ensure that these are not time-limited one-time passwords and are safely transmitted to the end user.
The page displays all existing one-time passwords. You can add, update or delete an OTP. For each OTP, the list shows:
Username
Displays the user name of the OTP owner.
* QR code will not be displayed for tokens where User is not assigned.
Status
Displays the status of the OTP.
Secret
Displays the 32-hex secret of the OTP.
Description
Displays the description of the OTP.
Manage
Displays the available management options:
Info: Click to view the QR code.
Edit: Allows you to edit the OTP.
Delete: Allows you to delete the OTP.
Synchronize: Click to synchronize OTP with Sophos XG Firewall device(s).
To add or delete a token or configure the general OTP settings, click on the corresponding buttons.