Hacker News
by TheSwordsman 1165 days ago
Worrying about situations like this is exactly why I try to avoid SSO at almost all costs for personal stuff, and instead prefer to use a username/email and a unique password.

I really feel for any developers who are impacted by this, as well as users who may not be able to get to some of their data.

Hopefully it's temporary, although with the Doge icon who knows...

3 comments

Avoiding SSO to keep access even if you lose access to bigCo email has been working well, but unfortunately more & more websites are moving away from passwords to a verification code in the email instead.

Sure, there are advantages to it, but if the email is bigCo, it effectively has the same drawbacks as SSO from the same bigCo (i.e. unfair account suspension, you're screwed).

With email+password, even if you lost access to, let's say, your Gmail, you can still log in with that Gmail address and your password and go change the email in your account profile.

Yeah. I've moved most of my critical stuff off my Gmail address onto a Google Workspace account, just sucks that not everything works with a Google Workspace account. I am just hoping that actually paying them money makes it a little less likely my account will get suspended.
Got bad news for you.
I also don't use the account for anything that could get a suspension. No public user content, not used for SSO, and I don't have anything programmatically accessing my account. I know there's still a non-zero chance of getting nuked, but my risk is as near zero as it gets.
Banned for suspiciously avoiding the perks of the platform.
Banned for having a similar email to the one they intended to ban.
SSO IdP would generally pass an email address through to the service, no? I could be mistaken about that, but if so, then you'd still have access to a password-recovery-by-email if the identity provider shuts down.
I've seen many systems that disallow the password reset flow when you sign in via SSO, since the expectation is that you as the service provider are not the authority for the user's identity.
Can confirm, happened to me just yesterday for ngrok.com/Login with Google.
I completely understand this, but for me this would be very difficult. I use MFA with 3 tokens (one I keep on my person, one by my home computer, and one in a safe place). If one were ever to be lost or damaged it would be a nightmare to have to go through every online account to replace it with a new token.