Wise @X friends: why have major authentication providers like
@auth0, @ClerkDev and @Google / @LinkedIn SSO not supported "Multi-Signer Authentication": instead of a single signer, simply ask for more signers to authenticate an action (login, or approval)?
For example, where traditionally a low-risk action would be validated with a single email confirmation, a high-risk action (change password, add passkey) will require two different email confirmations with two different email domains, and plus, a user can add N email addresses (trusted contacts) and a minimum of M of these email addresses can help approve a change of email.
This is not very much different from what @safe already achieves using smart contracts, but is massively backward compatible with emails.
This will massively reduce the chance of social engineering.
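
A sketch of the approval rule the post describes, as an added example that is not part of the original post or any provider's code. The policy table, account layout and HMAC-bound confirmation tokens are all hypothetical assumptions, and the sample addresses are constructed.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: secret used to mint confirmation links

# Hypothetical policy: approvals needed, distinct email domains needed, who may approve.
# "M" means the account's own M-of-N trusted-contact threshold.
POLICY = {
    "login":           {"need": 1,   "domains": 1, "pool": "own"},
    "change_password": {"need": 2,   "domains": 2, "pool": "own"},
    "add_passkey":     {"need": 2,   "domains": 2, "pool": "own"},
    "change_email":    {"need": "M", "domains": 1, "pool": "trusted"},
}

# Constructed sample account: N = 3 trusted contacts, M = 2.
ACCOUNT = {
    "own": ["alice@example.com", "a.smith@example.com", "alice@example.org"],
    "trusted": ["bob@example.net", "carol@example.org", "dave@example.com"],
    "m": 2,
}

def token(request_id, action, email):
    """Confirmation token bound to one request, one action and one address."""
    msg = "\x00".join((request_id, action, email.lower())).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def is_approved(account, request_id, action, approvals):
    """approvals: iterable of (email, token) pairs collected from clicked links."""
    rule = POLICY[action]
    pool = {e.lower() for e in account[rule["pool"]]}
    need = account["m"] if rule["need"] == "M" else rule["need"]
    signers = set()  # a set, so one address confirming twice counts once
    for email, tok in approvals:
        email = email.lower()
        expected = token(request_id, action, email)
        # Reject addresses outside the allowed pool and tokens minted
        # for another request or another (lower-risk) action.
        if email in pool and hmac.compare_digest(tok.encode(), expected.encode()):
            signers.add(email)
    domains = {e.rsplit("@", 1)[1] for e in signers}
    return len(signers) >= need and len(domains) >= rule["domains"]
```

Binding each token to the action matters here: without it, a confirmation obtained for a low-risk login could be replayed toward the two-signer password change.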