Security through obscurity isn't a good strategy on the Internet

This sums it up: :man_facepalming:

2 Likes

Very true.

Kind of like saying locking your doors and leaving the key under the mat is better than leaving them unlocked. True but only minimally so. :laughing:

2 Likes

If we go with that metaphor, the key isn’t under the mat but held by either Google, Microsoft, or Okta (whichever one you choose to use with Tailscale) who acts as the “concierge”. If you fail to identify yourself to the concierge, you’re not getting in.

Right.

It’s not like people who willy-nilly open ports on their routers without having any idea why would also have a stupidly insecure Google password. I mean it’s only email, right?

Then they add insult to injury by then using the same insecure Google password to completely open their home network to Google hackers too through the VPN.

I second that. :man_facepalming:

Unless the crook pays them off or steals it from them or tricks them into giving them the key.

Nothing is completely secure but having everything under your own control and local is way more secure than trusting any third party.

I think Microsoft and Google encourage the use of good passwords (by rating it as you create it). What I don’t know is if they reject weak passwords (I never tried).

There were instances of UPnP exposing non-secured SSH access to the Internet. This is why SSH is no longer activated by default and requires a password to be configured at a minimum.

The problem with VPN access is that VPNs are blocked by many corporate networks. My employer for example blocks both VPN access and dynamic DNS services. Nabu Casa works though.

Coupled with multi-factor authentication I’m reasonably confident with the level of security Nabu Casa offers.

That Google transparency list was a bit of a surprise though.