
Seems like it requires a Google or Microsoft account (or corporate SAML). No thanks!



(I'm a Tailscale co-founder) The idea is to avoid building yet another commercial service that holds onto your username and password. People have enough identities already. More details here: https://tailscale.com/blog/how-tailscale-works/

We know we keep getting feedback that people want a different way to authorize their accounts (especially for personal use), so we're looking at other options. We just really want to stay out of the username+password business; it's simply bad security practice.


I'd actually rather you have my username and password, since I use a password manager and every password is long and unique. I don't want to tie my Google/Apple/<X-Mega-Corp> account to my Tailscale account. This way I can also more easily keep track of which accounts I have since my password manager stores them all. So I will wait for email signup (which currently just subscribes me to a mailing list...)!


It's easy to make a basic password login system, and very technical people use password managers, long passwords, etc. But there's a long "tail" (ha ha) of people who don't use long passwords, who will reuse their password on multiple web sites, who will forget their password and need to recover it using their mother's maiden name, etc. This opens up unlimited opportunity for phishing attacks.

And you don't get any key rotation unless you force people to change their passwords occasionally, which is itself now deprecated as a bad practice because people then start writing their passwords down on paper or storing them in a spreadsheet, which is even worse than no rotation. (Tailscale rotates your VPN keys automatically, but it's all for naught if the root key is just a password.)

We know that something better is needed for personal accounts, but please, not username+password. Your private network security is important. The world needs something much closer to foolproof.


> few very technical people use password managers, long passwords, etc

I'd be very surprised if this was true. Most all technical (competent) people I know use a pw manager of some sort.


It originally said "a few", not "few", which was intended to have a slightly different meaning, but I've edited it to remove that because you're right and it's not important :)

Unfortunately non-technical people mostly don't use a password manager and we can't assume they do. Tailscale is about making the Internet secure by default, and passwords will never be secure by default.


I know only myself and one other person using a password manager, even though I know a lot of technical folks.


Why not ditch passwords altogether and only do magic-link logins via email a la slack?


(also Tailscale)

FWIW, we'll probably also be supporting GitHub (and maybe Twitter?) auth, as well as perhaps letting you run your own auth server if you set up the right DNS records. Lot of things yet to do.


Super excited to see that you'll be supporting GitHub! That being said, do you have plans to implement any sort of account merging? For example, the ability to login with one of multiple authorized accounts (so my Google Account, my Twitter account, or my GitHub account).


(Tailscale co-founder) This question goes through my mind a lot. I personally want it for myself. However there's a "weakest link" problem in identity management: if you have N identity managers merged together, then your account is only as secure as the weakest one of them. So connecting multiple identity providers to one account might be risky.

On the other hand, I really like Keybase's way of federating multiple identities together, where each additional identity provider increases rather than decreases confidence.


There's more than just security concerns, when you allow a bunch of third-party accounts to access one of your first-party accounts.

If your highest concept of identity is the account and identity managers allow you to authenticate to that account, let's say you have a tailscale account with id 123, and any human who has access to john@personal.org or john.smith@job.com can access that account.

What do you do when John leaves job.com? Can John (accessing the account through john@personal.org) still admin the job.com bits?

I think the right abstraction is having first-party (in this case tailscale) accounts belonging to one or more "teams" and authenticating with a @job.com address allows you to switch to the job.com team in the UI / allows you to generate API creds that modify job.com's team.
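An added illustration of the two account models contrasted in the comment above (this is example code written for this thread, not Tailscale's). It constructs the sample data (account id 123, john@personal.org, john.smith@job.com) and the rule that an identity joins the team of its e-mail domain; both are assumptions made for the example.

```python
"""Two ways to attach several third-party identities to one first-party account.

Model A ("merged"): every linked identity unlocks the whole account.
Model B ("teams"):  identities grant membership in teams; rights are per team.
All names and sample data below are constructed for this illustration.
"""
from dataclasses import dataclass, field


@dataclass
class MergedAccount:
    """Model A: any linked identity can do anything the account can do."""
    account_id: int
    identities: set[str] = field(default_factory=set)
    admin_of: set[str] = field(default_factory=set)  # domains this account administers

    def can_admin(self, login_email: str, domain: str) -> bool:
        # The login identity is never compared with the domain being administered.
        return login_email in self.identities and domain in self.admin_of


@dataclass
class TeamAccount:
    """Model B: the account belongs to teams; an identity only acts for its own team."""
    account_id: int
    identities: set[str] = field(default_factory=set)
    teams: dict[str, set[str]] = field(default_factory=dict)  # team -> member identities

    def link_identity(self, email: str) -> None:
        self.identities.add(email)
        domain = email.split("@", 1)[1]
        # Assumed rule: an identity at job.com joins the job.com team.
        self.teams.setdefault(domain, set()).add(email)

    def unlink_identity(self, email: str) -> None:
        self.identities.discard(email)
        for members in self.teams.values():
            members.discard(email)

    def can_admin(self, login_email: str, team: str) -> bool:
        # Only an identity that is a member of the team may act for it.
        return login_email in self.identities and login_email in self.teams.get(team, set())


def john_leaves_job() -> dict[str, bool]:
    """Play through 'John leaves job.com' under both models and report who can
    still administer the job.com bits."""
    results: dict[str, bool] = {}

    # Model A: account 123 is reachable via both e-mails and administers job.com.
    merged = MergedAccount(123, {"john@personal.org", "john.smith@job.com"}, {"job.com"})
    results["merged_before"] = merged.can_admin("john@personal.org", "job.com")
    merged.identities.discard("john.smith@job.com")  # job.com revokes John's identity
    # The personal identity still administers job.com: the problem the comment raises.
    results["merged_after"] = merged.can_admin("john@personal.org", "job.com")

    # Model B: same two identities, but rights are scoped to the team of each identity.
    team = TeamAccount(123)
    team.link_identity("john@personal.org")
    team.link_identity("john.smith@job.com")
    results["team_via_job_email"] = team.can_admin("john.smith@job.com", "job.com")
    results["team_via_personal_email"] = team.can_admin("john@personal.org", "job.com")
    team.unlink_identity("john.smith@job.com")  # John leaves job.com
    results["team_after"] = team.can_admin("john.smith@job.com", "job.com")
    return results


if __name__ == "__main__":
    for key, value in john_leaves_job().items():
        print(f"{key}: {value}")
```

Under the merged model the revocation at job.com changes nothing, because the personal identity was never distinguished from the work one; under the team model the job.com rights were only ever attached to the job.com identity, so removing that identity removes them.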


Maybe you can look at Sign In with Apple, it works natively and for websites too. https://developer.apple.com/sign-in-with-apple/


I really love the privacy- and security-centric design of Sign In with Apple, but so far it only works if you have Apple hardware, right? Tailscale's selling point is you can use it on all your devices (modulo Android support which isn't released yet).


Quoting from the page linked above:

Sign in with Apple works natively on iOS, macOS, tvOS, and watchOS. And it works in any browser, which means you can deploy it on your website and in versions of your apps running on other platforms.

So it at least sounds like it can be used anywhere with a web login flow. Although the docs say this must be accomplished using their JS library, as opposed to a standard OAuth2 flow of some kind: https://developer.apple.com/documentation/sign_in_with_apple


Cool! Maybe it's more doable than we thought.


FWIW I set up tailscale a few days ago with an iPad mini, iPhone, and Mac mini server. I don't know how many networks would be "Apple Only", but I would certainly prefer a quick Apple Sign in button vs. using Google.


This, please! I'd personally prefer username/password auth, otherwise I believe that this is the most privacy-focused option.

https://support.apple.com/en-us/HT210699


Have you considered integrating with Keybase? I think the identity system of Keybase coupled with the secure mesh networking of Tailscale would be a really powerful combination.


I just started talking to Max at Keybase about this today, actually. It'll require work on both our sides, but we both want to do it.


I quite like Keybase. Do they offer an oauth2 or SAML login feature nowadays that somehow integrates with your strong device authentication?


Since it's mostly tech-savvy people here that want something else and I'm assuming it's an oauth process, perhaps github and/or gitlab?


GitHub's on the list to support, yeah. We can speak most "identity provider" protocols these days (OAuth, OIDC, SAML, etc.), but it's this weird little universe: the protocols are meant to let you implement once to support everyone, but in practice every IdP has its own little idiosyncrasies that mean you need a little bit of dedicated code for each new IdP. So, we end up with a backlog of "support IdP X, which is ostensibly OAuth but does something strange we've never seen yet" :)


Thank you for your response. Having battle scars from handling authentication in an enterprise SaaS, you'll notice I chose my words carefully and didn't say "just do/use" :)

I really want to give you guys money for my personal use but $10/user/month is steep when I know the other users will only use it once in a blue moon (but of course, when they need it they'll REALLY need it).

If there was something like a "supporter plan" that was similar if not identical to the free plan but charged a flat fee, I'd be all over that.


"supporter tier" is an interesting idea! We're still figuring out what kind of pricing makes sense for personal use vs. company use. Hopefully we'll have something soon!

In the meantime, it's fine to be on the solo plan for personal use, it's there and free to be used :)


So why not Webauthn?


We (ZeroTier) dragged our feet on this stuff for a long time because we are personally of your mindset, but we get asked for it a lot so more of it will be coming. The ability to use your own auth and your own other things will never go away though, and with ZT you can run a fully independent network controller if you want.

Personally I want ZT to integrate support for integrated (e.g. Apple security chip) and discrete (YubiKey etc.) secure tokens and enclaves. That is where the real security is at.


I expect their target audience (for revenue) are companies who need corporate SSO support.



