If you've implemented multi-factor authentication, you should disable the default basic authentication to make sure attackers can't exploit it. Attackers will go after weaker credentials and passwords ...