If every stolen or potentially stolen credential was billed to the breached provider at even $100/account*, SSO would become free so fast your head would spin.
Every credential in the provider's DB would be correctly seen as a liability.
* Arguably the number should be higher and contribute to a infosec response, detection, and preventative measures warchest. Though, ultimately, this would probably just enrich cybersecurity insurance firms.
If every stolen or potentially stolen credential was billed to the breached provider at even $100/account*, SSO would become free so fast your head would spin.
Every credential in the provider's DB would be correctly seen as a liability.
* Arguably the number should be higher and contribute to a infosec response, detection, and preventative measures warchest. Though, ultimately, this would probably just enrich cybersecurity insurance firms.