2 points | by trinsic2 7 hours ago
4 comments
Consensus in the security space is that passwords are really bad. So many products are migrating away from passwords to magic links/passkeys.
0) Word you want is fingerprinting?
1) They can already do this at the login point before the email is sent
2) It is more likely, for general users, such that users reuse passwords and get stuffed often
I believe this is the reason:
Imagine you work at bigCorp. You have a company email address: my-name@bigCorp.com
bigCorp pays for your access to a SaaS service.
You switch jobs, your email is revoked/removed. You cannot log in anymore.
If there was no 2FA via email - you could still access the service with email+password in case they failed to remove your access to that specific service.
If all services use 2FA via email - bigCorp has fewer access problems.
That is also partly related to SAML/SSO's lack of "sign off".
No BigCorp would ever use a SaaS product that doesn’t have SSO federation. No IT department wants to keep track of individual logons.