It’s only bad practice if you don’t keep up on vulnerabilities/patching, don’t have any type of monitoring or ability to detect a potential breach, etc.
The nice thing about tucking everything behind a VPN is you only have one attack surface to really worry about.
No, OP is completely correct. It’s all down to how the company configures their MFA, but MS MFA will definitely show you a two-digit number on the system you initiated the auth on, and force you to type that on your Authenticator app.
I work with a vendor that has this setup and do this every day when accessing their systems.
Thankfully my own company doesn’t have the type a number stuff turned on.
That’s not true anymore. https://docs.fcc.gov/public/attachments/FCC-19-72A1.pdf
I moved from technical, to management, did that for around 4 years and decided that was enough. Switched jobs (also probably way overdue at that time) to a senior network engineer, left after a year and became a network architect. I’ve done that for a few employers ever since and generally love it.
I just do this for money, I care about my work of course, but end of the day I want to shut down and forget about it. My current role lets me do that pretty easily.
Being in management that long might make it harder, unfortunately. But I’d totally recommend trying to pivot to an architect role if you have the skills.
Absolutely. I live in Milwaukee where the local archdiocese already did the whole bankruptcy deal years ago. Somehow they got to pay a small pittance to the victims, get out of everything else, and they still own all of their (very lucrative) property. And that’s not just the church buildings, but their giant lakefront campus and no doubt tons of other non-house of worship property.
And that was after all of the documents were released showing the leadership was completely aware of the problem and covering it up just like everywhere else.
It’s a complete sham and abuse of the bankruptcy system.