Please follow https://www.us-cert.gov/ncas/current-activity/2021/08/30/cisa-adds-single-factor-authentication-list-bad-practices.