I will teach you a trick. Login with e.g. github. Create a tailnet. Create new user invite link, use it yourself - you can setup login with passkey to this second user. Promote to admin. Leave with your github user. Voila you have an account and tailnet with only passkey, no big brother oauth or anything.

Since when can you use regular email? That’s odd. When i checked it out it wasn’t possible and there was even a post why. That tailscale is no identity provider and such things

I use Pocket-ID for my OIDC and it was easy to set up with Tailscale, you just have a custom domain which I do and I just login with my OIDC Account which is 100% self hosted on my local server.

If you have a VPS, consider setting up either Headscale or Netbird if you don’t want to use any of Tailscale’s built-in auth methods (with all necessary security precautions taken of course). If that’s not an option I’d suggest going back to Wireguard for sure.

I don’t want to risk any data compromise at some point

What data compromise are you worried about?

• End-to-End Encryption: Tailscale utilizes WireGuard
• No Centralized Servers: Tailscale creates a direct peer-to-peer connection between devices
• Minimal Metadata: Tailscale may collect some metadata to facilitate connections, but this info does not include the content of your data.
• User-Controlled Access: You have control over which devices can connect
• Tailscale does not, and cannot inspect your traffic

I’m not the Tailscale sales person. Go with whatever suites your threat model. I am just curious what data compromise you are concerned with. If it’s the metadata aspect, you already blew that away when you made the post here at Lemmy, even assuming you are using a VPN.

I went with Google.

Edit: I am just saying what I went with. I didn’t have another fitting option.

headscale /thread