From eca7f94351c36b14a5d6049ff774e32a11e16874 Mon Sep 17 00:00:00 2001
From: GitHub Actions <actions@github.com>
Date: Thu, 4 Dec 2025 18:10:13 +0000
Subject: [PATCH] fix: update MFA recommendation for admin accounts in security
 documentation

---
 docs/issues/Additional_Security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/issues/Additional_Security.md b/docs/issues/Additional_Security.md
index 6d735f8c..64366cda 100644
--- a/docs/issues/Additional_Security.md
+++ b/docs/issues/Additional_Security.md
@@ -38,5 +38,5 @@
 **Enterprise-Level Security Gaps:**
 - **Missing:** Security Incident Response Plan (SIRP)
 - **Missing:** Automated security update notifications
-- **Missing:** Multi-factor authentication (MFA) for admin accounts (Use Authentik via built in. No extra external containers)
+- **Missing:** Multi-factor authentication (MFA) for admin accounts (Use Authentik via built in. No extra external containers. Consider adding SSO as well just for Charon. These are not meant to pass auth to Proxy Hosts. Charon is a reverse proxy, not a secure dashboard.)
 - **Missing:** Audit logging for compliance (GDPR, SOC 2)