alt Hacker NewsI can understand you not ditching after the first suspension but the second suspension should have been the point where you took the choice.
First time is a fluke, second time is a serious wake-up call, third time it's your fault.
Do you really want to reach the point where all your customers have an outage, you have to rush implementing something else (oidc or api keys) AND rush your customers to change your settings?
Second and third suspensions are a week apart. Wouldn’t be enough time to shift customers to a new auth format, specially when most of the burden is on them.