by jiveturkey 1458 days ago
You mean the SaaS can add their own MFA? No, they can't. If you do that, you have no reasonable way to recover accounts. You get down the rabbit hole of extremely difficult UX, vs easily bypassed MFA. Once you add MFA, you cannot allow account recovery without it. This is the still-hard part of MFA.

By the time you go through all the rigamarole, you're just better off forcing your customer to manage their own MFA.