And you should be too, for far too long developers have taken the lazy way with SSO by using a users email address as their identifier instead of a unique value.
This has resulted in numerous issues for IT professionals and major security issues in general.
Just as some examples of why poor SSO is bad:
- https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/ (Email identifier allowed disabled GSuite accounts to login to 3rd party services anyway)
- Changing a users email because they changed their name = nightmare headaches
- Changing a companies email template = nightmare headaches
And these are just some of the issues.
This website is designed to call out every company and website that has lazy developers who use email as the user identifier for SSO in the hopes that shaming them will result in change because clearly other methods of trying to send a message haven't worked in the past decade.