Generally people have a recovery option (“Forgot Password”) which routes to the same email, meaning it’s effectively already a single point of failure.
But it’s generally a well-secured one (2fa, ip monitoring ). So in effect we’re not making it more of a single point of failure, we’re just removing the various other means of attack by removing site-specific identities (passwords)
But it’s generally a well-secured one (2fa, ip monitoring ). So in effect we’re not making it more of a single point of failure, we’re just removing the various other means of attack by removing site-specific identities (passwords)