The Cybersecurity and Infrastructure Security Agency (CISA) added the use of single password-based authentication to the list of risky practices, the Bad Practices list. The agency has warned that the practice of using a username and password as the only means of authentication is a bad practice especially for businesses that support critical infrastructure. Instead, Multifactor Authentication or MFA is a better authentication approach and provides the best Return on Investment (ROI) in terms of implementation and the attacks that are thwarted. Contrary to popular belief that MFAs will make password managers obsolete, full featured password managers could reduce customer friction and improve customer productivity by reducing downtime.