What do you guys do about usernames / passwords for your local services?

AMillionMonkeys@lemmy.world to Selfhosted@lemmy.world – 63 points –

Basically every local service is accessed via a web interface, and every interface wants a username and password. Assuming none of these services are exposed to the internet, how much effort do you put into security here?
Personally, I didn't really think about it when I started. I make a half-assed effort at security where I don't use "admin" or anything obvious as the username, and I use a decent-but-not-industrial password - but I started reusing the u/p as the number of services I'm running grew. I have my browsers remember the u/ps.
Should one go farther than this? And if so, what's the threat model? Is there an easier way?

83

You are viewing a single comment

Those solutions are still way too complex and corporate to my likes. :(

I'd like to encourage you to take another look at Authentik, it sounds like their Proxy Provider is exactly what you're looking for: https://docs.goauthentik.io/docs/providers/proxy/

Authentik can certainly get complex, but only if you want/need it to. It is by far the most user-friendly IDP solution I've found, especially for what it offers. Their docs also have step-by-step guides for how to integrate a lot of popular self-hosted apps.

Only takes a couple mins to spin up a test environment using their Docker compose file: https://docs.goauthentik.io/docs/installation/docker-compose

Thanks, I’ll have another look.

For sure! If you do end up taking it for a spin, feel free to ping me with any questions.