diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in
index 3187205392978ed5fa18d6a61b346fc816a84cef..fabe8a1ba0710dd877bc3737cf85a752846a384d 100644
--- a/doc/dbus-daemon.1.xml.in
+++ b/doc/dbus-daemon.1.xml.in
@@ -491,6 +491,10 @@ exist, then all known mechanisms are allowed. If there are multiple
<auth> elements, all the listed mechanisms are allowed. The order in
which mechanisms are listed is not meaningful.
+On non-Windows operating systems, allowing only the
+ EXTERNAL authentication
+ mechanism is strongly recommended. This is the default for the
+ well-known system bus and for the well-known session bus.
Example: <auth>EXTERNAL</auth>