Tailscale doesn't want your password

Tailscale has never supported password-based authentication, viewing passwords as outdated and insecure due to complexities in creating, remembering, and managing them. Instead, Tailscale initially relied on Google and Microsoft authentication providers and later expanded to include GitHub, Apple, and custom OIDC providers. Now, Tailscale is promoting the use of passkeys as a modern, secure alternative to passwords. Passkeys are unique for each account and site, resistant to phishing, and synchronized across devices through services like iCloud Keychain, Google Password Manager, and 1Password. For Tailscale users, admins can invite new users to their tailnet using a passkey, creating a public/private key pair unique to Tailscale for each user. Passkeys offer a passwordless experience, enhancing security by eliminating the risk of phishing and syncing credentials securely across devices. Although passkeys are currently available in beta for Apple macOS and iOS, Google Chrome and Android, as well as with 1Password and Yubikey, adding a passkey to an existing login is not yet possible, requiring an additional user for backup access.