banditoitaliano@lemmy.worldtoSelfhosted@lemmy.world•Is it considered bad practice to expose selfhosted services on public internet?English
12·
1 year agoIt’s only bad practice if you don’t keep up on vulnerabilities/patching, don’t have any type of monitoring or ability to detect a potential breach, etc.
The nice thing about tucking everything behind a VPN is you only have one attack surface to really worry about.
No, OP is completely correct. It’s all down to how the company configures their MFA, but MS MFA will definitely show you a two-digit number on the system you initiated the auth on, and force you to type that on your Authenticator app.
I work with a vendor that has this setup and do this every day when accessing their systems.
Thankfully my own company doesn’t have the type a number stuff turned on.