Hacker News: jbspeakr's comments

Totally agree on the compromised credential check, hence it's also part of my general password policy recommendations [0].

I also agree that IdPs and SSO are commodities nowadays (to speak in Wardley terms). However, some orgs still have vastly heterogeneous authentication systems. In these situations it might be financially beneficial to first unify and then switch to an off-the-shelf service provider later. OIDC makes it possible.

[0]: https://www.jbspeakr.cc/password-strength-policy-guide/#pass...


Lots of uncritical media coverage out there and, to be fair, I am also quite hyped about killing passwords. Nevertheless, there are certain aspects that I believe have not gotten enough attention yet, the biggest potentially being the switch from knowledge to possession factors. Not sure whether everyone is aware of the potential implications.

Some critical notes on Passkeys: https://www.jbspeakr.cc/fido-passkeys/


Discover the power of Honeytokens in credential breach detection, and learn how they bolster defenses against authentication attacks from cybercriminals by improving threat detection.

