by tkems 505 days ago
I was shocked when I purchased a domain recently on GoDaddy (I normally use Cloudflare or AWS) and noticed that they have an 'upsell' with more security options (MFA and some other features) for something like $10/yr. Why wouldn't they want their customers to be more secure by default? To me it just reeks of money-grabbing for people that are none the wiser.
3 comments

It is outrageous and irresponsible to charge for MFA.

It shows a cavalier attitude toward the greater security of the internet.

Same for OIDC (and even traditional SAML SSO).

If every stolen or potentially stolen credential was billed to the breached provider at even $100/account*, SSO would become free so fast your head would spin.

Every credential in the provider's DB would be correctly seen as a liability.

* Arguably the number should be higher and contribute to an infosec response, detection, and preventative measures war chest. Though, ultimately, this would probably just enrich cybersecurity insurance firms.

Agreed.

Another example is Microsoft charging extra for enhanced logging. This came to light during the SolarWinds debacle.

Not exactly the same but this reeks of https://sso.tax.

Why did you purchase a domain on GoDaddy if you know better?