(I'm a Tailscale co-founder) The idea is to avoid building yet another commercial service that holds onto your username and password. People have enough identities already. More details here: https://tailscale.com/blog/how-tailscale-works/
We know we keep getting feedback that people want a different way to authorize their accounts (especially for personal use), so we're looking at other options. We just really want to stay out of the username+password business; it's simply bad security practice.
I'd actually rather you have my username and password, since I use a password manager and every password is long and unique. I don't want to tie my Google/Apple/<X-Mega-Corp> account to my Tailscale account. This way I can also more easily keep track of which accounts I have since my password manager stores them all. So I will wait for email signup (which currently just subscribes me to a mailing list...)!
Have you considered integrating with Keybase? I think the identity system of Keybase coupled with the secure mesh networking of Tailscale would be a really powerful combination.
We (ZeroTier) dragged our feet on this stuff for a long time because we are personally of your mindset, but we get asked for it a lot so more of it will be coming. The ability to use your own auth and your own other things will never go away though, and with ZT you can run a fully independent network controller if you want.
Personally I want ZT to integrate support for integrated (e.g. Apple security chip) and discrete (YubiKey etc.) secure tokens and enclaves. That is where the real security is at.
apenwarr|6 years ago
We know we keep getting feedback that people want a different way to authorize their accounts (especially for personal use), so we're looking at other options. We just really want to stay out of the username+password business; it's simply bad security practice.
mholt|6 years ago
mromanuk|6 years ago
ahnick|6 years ago
c17r|6 years ago
ThePowerOfFuet|5 years ago
api|6 years ago
Personally I want ZT to integrate support for integrated (e.g. Apple security chip) and discrete (YubiKey etc.) secure tokens and enclaves. That is where the real security is at.
bsg75|6 years ago