Why email is a risky key for single sign-on integrations
A recent identity provider flaw allowed attackers to hijack accounts by exploiting how federated logins map users to local profiles, revealing a critical flaw in relying on email as a primary identifier.