It was one of the easiest to set up and it works flawlessly. I’m a bit paranoid about losing my data even with the backups… Any recommendation?
It is discouraged, but with a very strong, non-reused primary password for your home instance, you’d be hard-pressed to have problems with hackers even if they dump your database. It’s still a better idea to use a hardware key, but that’s understandably annoying to carry/use.
One thing you could do is set up a second vaultwarden instance running on a separate machine, ideally on a separate network, and keep only TOTP connections on it, with its own backups and storage. But that is probably just as annoying.
I’m looking forward to more sites supporting WebAuthn / FIDO2 one day. Many companies are moving this way since TOTP is vulnerable to social engineering attacks (e.g. an attacker calls and says they’re from IT support and need a TOTP code for security purposes).
You don’t always need a hardware key though, I don’t think. At my workplace we use YubiKeys with a certificate stored on them, but on my phone (Galaxy S22) I can use my fingerprint to authenticate. I don’t know a lot about it.