It was one of the easiest to setup and it works flawlessly. I’m a bit paranoid about losing my data even with the backups… Any recommendation?
It was one of the easiest to setup and it works flawlessly. I’m a bit paranoid about losing my data even with the backups… Any recommendation?
It is discouraged but with a very strong non-reused primary password for your home instance, you’d be hard pressed to have problems with hackers even if they dump your database. It’s still a better idea to use a hardware key but that’s understandably annoying to carry/use.
One thing you could do is setup a second vaultwarden instance running on a separate machine ideally on a separate network and keep only TOTP connections on it, with its own backups and storage. But that is probably just as annoying.
I’m looking forward to more sites supporting Webauthn / FIDO2 one day. Many companies are moving this way for internal systems, since TOTP is vulnerable to social engineering attacks (eg an attacker calls and says they’re from IT support and need a TOTP code for security purposes).
You don’t always need a hardware key though, I don’t think. At my workplace we use Yubikeys with a certificate stored on them, but on my phone (Galaxy S22) I can use my fingerprint to authenticate. I don’t know a lot about it.