The End of Optional Security: Snowflake and the Global ID Fallout

John Z Black Apr 22, 2026 Privacy & Digital Rights #mfa #snowflake #identity #breach #france #canada-life #saas-security

For years, SaaS vendors gave us tools and called security a personal choice. snowflake is officially calling time on that era. Starting in May 2026, MFA is not a recommendation on their platform, it is a requirement. No exceptions.

The numbers for this week explain why. France just saw its national identity portal breached, exposing data for up to 19 million people. In Canada, a breach at Canada Life resulted in claims that over 5.6 million Salesforce records were taken. In both cases, the lack of airtight multi-factor controls or the abuse of persistent session tokens turned simple accounts into gateway drugs for massive data theft.

The industry is shifting from flexibility to survival. If your platform lets you opt out of basic security, you are not being given freedom. You are being handed a liability. It is time for vendors to draw the line, and Snowflake just drew its in permanent ink.

Get the full scoop on why opt-in security is dead.