What do you guys do about usernames / passwords for your local services? - eviltoast

Basically every local service is accessed via a web interface, and every interface wants a username and password. Assuming none of these services are exposed to the internet, how much effort do you put into security here?
Personally, I didn’t really think about it when I started. I make a half-assed effort at security where I don’t use “admin” or anything obvious as the username, and I use a decent-but-not-industrial password - but I started reusing the u/p as the number of services I’m running grew. I have my browsers remember the u/ps.
Should one go farther than this? And if so, what’s the threat model? Is there an easier way?

  • 2xsaiko@discuss.tchncs.de
    3 months ago

    It offers no practical benefit to small networks at the moment.

    The internet is not a “small network”, and I assume your small network is connected to it. You need local IPv6 routing to have access to IPv6-only hosts, which are becoming more and more common because it’s reasonable in terms of price to get an IPv6 block, unlike IPv4 blocks, which are being auctioned for tens of thousands of dollars at this point (!!!).

    Also, restoring global addressing is a huge benefit. P2P communication in IPv4 has become an insane mess of workarounds due to lack of addresses, and this becomes worse the more layers of NAT you stick behind each other to try to save your ass from the rising tide.

    I’m really sick of hearing these idiotic excuses over and over, “it’s hard” this, “it’s unsafe” that, “it’s expensive”, “understanding the eldritch secrets of IPv6 has driven 5 of my colleagues into madness” skill issue. THERE ARE NO MORE IPV4 ADDRESSES. So unless your network is so fucked that you haven’t managed to fix it in 26 years, since IPv6 has been standardized, or it really is just an internal network with no outward facing services where it doesn’t matter when someone who just has IPv6 can’t access it because they wouldn’t be able to access it anyway, and you’re not some kind of ISP, you have no reason not to have support for it at this point and you absolutely never have a reason to tell people it’s not “useful” because that is straight up wrong in the general case even if it might be true for your situation.