I have 2 jobs. One working for a state government agency. The other working for a city. My state agency uses Office 365 and everyone can log in to Outlook, Sharepoint, OneDrive, etc anywhere with just a lot a login and password. Ever sense we got 365, we’ve been plagued by phishing attempts.
The City and my wife’s employer also use 365 but they require dual factor authentication with push notifications or calls/texts for every log in.
I want to ask our IT manager why we don’t but given that my job has nothing to do with IT, I don’t feel it’s necessarily my place to critique them. Should I say something anyway?