People overwhelmingly recommend SSO. Isn’t that lowering the security level? If that single account gets taken over, the attacker has access everywhere else too.
Some places let you configure SSO+2FA, which helps; but in most cases clicking a social login button gets you full access.
And speaking of a single point of failure, cloud password managers look even worse[1].
Some places let you configure SSO+2FA, which helps; but in most cases clicking a social login button gets you full access.
And speaking of a single point of failure, cloud password managers look even worse[1].
[1]: https://thehackernews.com/2023/02/lastpass-reveals-second-at...