If business partners or companies use Sophos or OpenVPN Access, it is likely that they use some sort of OTP “one time password” mechanism. Either as a standalone password or as a combination of a persistent password + one time password. Usually entered one after another without any whitespace as a response to the VPN client querying upon connection buildup.

If one wanted to automate that, for example on a VPN Gateway, oathtool comes in handy. It allows to generate the right one time password using the initial setup string like that:

oathtool --totp -b "JBSWY3DPEHPK3PXP"

The resulting OTP can then be used further to authenticate with the OpenVPN commandline client.

Using WSL or MSYS2 you can also use (or compile and then use) oathtool on Windows.