OTP - Personal backup codes
having an TOTP authenticator for multi-factor authentication is pretty handy and a huge benefit for the customers, because it comes free of charge for local stored (on-appliance) users.
I was playing around with it for a while and came across the personal backup codes, which a user can download when logged in and Options are enabled. These kind of ICE codes can come in handy, but it would be great to have more granular over that feature.
When the TOTP authenticator is unbound, the personal backup codes still work until all are used. There is no way to unbind the list of personal backup codes, just in case they got compromised. The only way is to delete the user, which can be unfortunate when user-specific settings are done.
Another aspect is, when Options are enabled for the portal, the user can unbind the authenticator app, there is no way for the user (or the administrator) to generate the personal backup codes without compromising the app binding.
Maybe this can be addressed more granular in a future release.
/// official fan of SSL-VPN -> SRA -> SMA since 2006 \\\
There are two possible approaches to get this changed.
One way to approach this is to open a case with support. Describe the problem with TOTP as a bug. This will likely lead to a Request for Feature Enhancement (RFE).
The more direct approach would be to contact whomever you work with in the Sonicwall Sales team and ask them to submit the RFE.
RFEs are a sales tool to get changes to the product that customers want. Support actions end typically with the submission of the RFE. RFEs are not a fast turn around prospect on average.
I'll take the approach to see if more of the community feels the pain, because neither opening a support case for this or asking the sales (which usually ends in the question how much more appliance I would sell if it gets implemented) is currently what I need.
When there is some feedback on this I'll go the path you mentioned, like I did plenty of time in the past.