> Avoid places that only offer the "Login with Foo" if at all possible (looking at you Tailscale).
Tailscale is the only serious company that I can ever recall offering /only/ third party login. It's bit bizarre on the face of it. Anyone know the reason?
I think I read somewhere (but could be wrong) that it was because they didn’t want to own any “authentication” services. Their infrastructure was zero trust (as in they don’t hold any passwords or private keys), just a discovery server for different devices.
Perhaps they are not a serious company after all?
Spotify did this for years in the beginning too. I remember this was the reason I didn’t use them until they proposed email logins.
I use my own OIDC connection to Tailscale. I don't use a third party for login. It's not hard to set up.
Curious isn't it, especially as it's such a bad fit for their product - authenticating with GitHub in order to ssh made the whole thing so much more painful than it needed to be. I subsequently tried switching to using a passkey when that became an option, but it's not possible to make the passkey user the owner of a tailnet created by a GitHub org user, so I'm stuck with two users in my Tailscale and can't delete the GitHub org user. It's the main thing that keeps me looking for a reliable alternative to Tailscale.
ZeroTier. It works well for me. I chose it over Tailscale because it doesn't require a third party for login.
[dead]
Is Tailscale really a serious company?
My other annoyance lately is companies that don't let you set a password. It's either passkey only (which I'm not sold on, yet), or "we'll email you a login link". Great, now I have to wait for the email to show up, click the link, hope it doesn't expire if I get distracted while waiting, and then also delete your emails, sometimes multiple times a day?
What a shit tier authentication mechanism.
"Login via email code" is also a nightmare on Android. Android regularly kills any processes that are not in the foreground, so I recently went through a whole ordeal trying to login to the MLB app: it requires me to type in an email code, I switch to my email client, get the code, go back to the MLB app, and the page reloads (because it was killed in the background) requiring me to request a NEW email code. I tried this literally five times, going as fast as I could; it seems like it was just deciding to kill the browser process as soon as I switched to the email client, no matter what. This is mostly Android's fault but it's insane and I don't get why I don't hear people complain about this more often
I despise this. Slack keeps doing this even though I have a password and 2FA configured.
Vercel won't even let you set a password.
"Sign-in methods: Email, passkey, Google account, Apple account, GitHub, GitLab, Bitbucket".