Sophos Home Premium Authentication Required for Management Console
Dear Support Team,
I have observed that whenever you open the Sophos Home Premium agent on the Endpoint (client computer), it has a settings tab located on it. I have observed that by clicking this settings tab automatically takes you to the Sophos Home Premium Cloud Management Console, without even asking or prompting for the username or password on the website, which is quite insecure I would say.
That way anyone using the home computer can change the policies and security settings. I want to enforce certain restriction on the Laptops used by the kids. Since the settings tab does not prompt for credentials, they get direct access to modify the policies.
In addition to to prompt for credentials I would request you to even provide MFA for Advanced users., and simply credentials for standard users.
Please take this on priority.
Worst if any hacker / attacker manages to get remote access of the endpoint, he can directly access the Management Console through the agent and turn off all the security settings as if there was no AV ever installed.