

2 years ago
It is discouraged, but with a very strong, non-reused primary password for your home instance, you’d be hard-pressed to have problems with hackers even if they dump your database. It’s still a better idea to use a hardware key, but that’s understandably annoying to carry/use.
One thing you could do is set up a second Vaultwarden instance running on a separate machine, ideally on a separate network, and keep only TOTP connections on it, with its own backups and storage. But that is probably just as annoying.
Yes, they have a catch-all option. Setup took a minute for me using my domain set up in Cloudflare; Apple’s documents/guided setup made it a breeze, and it’s been rock solid.