Having been an infrastructure provider for 30 years, this answer is largely unjustifiable.
It's a bunch of handwaving to try to get price discrimination for a "how the Internet is supposed to work" standard everyone, even a single dev client of the SaaS, should be using.
And that the SaaS provider should be pushing so they don't have the liability of subscriber credential database protection ...
> even a single dev client of the SaaS, should be using.
Having assessed 600+ software companies (many of which are 5-50 employees), I'd say about half of them use MFA consistently across their business. And it's not a budgetary issue, but more of a logistic/IT/prioritization one.
It's a bunch of handwaving to try to get price discrimination for a "how the Internet is supposed to work" standard everyone, even a single dev client of the SaaS, should be using.
And that the SaaS provider should be pushing so they don't have the liability of subscriber credential database protection ...