When AGOL for Organziations content is shared with Public, it's description inculdes:
Worse yet, when organizations use federated Enterprise logins, the same account credentials allow access to payroll, email, source code, and other cloud-based solutions. And unfortuantly, AGOL doesn't support multifactor authentication when enterprise logins are used.
To make implementation of this easy for existing and new accounts, create an ALIAS account property and have it default to username, but allow members (or at least an administrator) to change it.
Also, if people could have an offical title displayed rather than username (such as "X County Records Officer") it would help organizations avoid needing to create extra AGOL accounts with these names for purposes of conveying offical content. (and if wanting all members to only log in with enteprise logins, having tilte-based account names means they need to be created in the enterprise directory, which some organizations might not allow).