
What are you on about? For years, logging in with email was possible even on the most amateurish projects. Now that's not possible for Tailscale? Why?


Because they don't want your password and as a security company, I applaud that.

Account issues, recovery, support that can be manipulated, a single breach or bad password that grants access to their admin interfaces, implementing their own 2FA.

And, serious people want SSO anyway, and most people have some kind of authentication they can lean on.

You can make a stodgy password login if you want, or you can run a Keycloak yourself.

If you don't want to run an OIDC provider for yourself, why would you want them to?

Genuinely, I applaud the idea that they're SSO first, and have as little information as possible to handle things. If you don't like it, well, run your own, run Headscale, or use WireGuard another way.

Not every company needs their own login system. I fucking hate it.


Microsoft was hacked before and I don't trust them, but I trust the email provider at the company I work for. Now what?


Microsoft getting hacked proves my point more than you think; they're less likely to get hacked now because they have scar tissue. You're basically saying: "If you ever get hacked your reputation is burned forever, but I want these guys who have never done it before to handle logins for me even though they are saying that they are not comfortable with the extra responsibility". Get over yourself.

If you trust your email provider, ask them to set up an OIDC provider then.

Email is insecure. I can't be the first person to tell you this.

Multiplying your logins is not more security, it's less in the majority of cases.



