Multi-Factor Authentication (MFA) should be used in remote access to ensure the identity of the individual attempting to gain remote access to the network or system. MFA adds another factor to the login process. You need to know something, such as the password, with traditional authentication. MFA adds something that you have in the form of an authentication token or a cell phone.
Reroute access opens the network and system up to connections and possible attacks from the outside. Increase security to mitigate this vulnerability when additional authentication is layered onto the system.
MFA should be enabled for all remote access to the network. Specify what MFA is enabled for, as it should be used at least for all remote network access and any privileged functions in web applications. MFA can include authenticator applications or tokens that generate One Time Password/PINS (OTP) or via SMS. OTPs are the current preferred mechanism, as SMS messages can be intercepted or redirected to an attacker.