It was one of the easiest to set up and it works flawlessly. I’m a bit paranoid about losing my data even with the backups… Any recommendation?

  • astrsk@kbin.social · 2 upvotes · 1 year ago

    It is discouraged, but with a very strong, non-reused primary password for your home instance, you’d be hard-pressed to have problems with hackers even if they dump your database. It’s still a better idea to use a hardware key, but that’s understandably annoying to carry/use.

    One thing you could do is set up a second Vaultwarden instance running on a separate machine, ideally on a separate network, and keep only TOTP connections on it, with its own backups and storage. But that is probably just as annoying.

    • dan@upvote.au · 1 upvote · edited · 1 year ago

      It’s still a better idea to use a hardware key

      I’m looking forward to more sites supporting WebAuthn / FIDO2 one day. Many companies are moving this way for internal systems, since TOTP is vulnerable to social engineering attacks (e.g., an attacker calls and says they’re from IT support and need a TOTP code for security purposes).

      You don’t always need a hardware key though, I don’t think. At my workplace we use YubiKeys with a certificate stored on them, but on my phone (Galaxy S22) I can use my fingerprint to authenticate. I don’t know a lot about it.
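The difference between the two factors discussed above can be shown in code. The following Go program is an added example written for this page; it is not code from the thread, from Vaultwarden or from Bitwarden. It implements RFC 6238 TOTP as specified, and a deliberately abridged WebAuthn assertion (a P-256 key per RP ID, an authenticator-data prefix of SHA-256(rpId) plus flags and counter, client data as a plain JSON string, no CBOR or COSE encoding). The shared secret, RP IDs, origins and the "IT support" phone-call scenario are all constructed for the demonstration. It plays the same attack against both factors: a TOTP code read out over the phone is accepted by the real server, while a security-key tap on an attacker's page cannot produce an assertion the real server accepts, because the browser binds the assertion to the page's own RP ID and origin and to the exact challenge the server issued.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// totp implements RFC 6238 (HMAC-SHA1, 30 s step, 6 digits). The code is a pure
// function of (secret, time), so anyone who is told it can replay it in the same step.
func totp(secret []byte, unixTime int64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(unixTime/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// verifyTOTP is the server-side check; it cannot tell who typed the code.
func verifyTOTP(secret []byte, unixTime int64, code string) bool {
	return hmac.Equal([]byte(totp(secret, unixTime)), []byte(code))
}

// authenticator holds one P-256 credential per RP ID, as a security key or
// platform authenticator scopes credentials to the site that created them.
type authenticator struct{ creds map[string]*ecdsa.PrivateKey }

func (a *authenticator) register(rpID string) (*ecdsa.PublicKey, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.creds[rpID] = k
	return &k.PublicKey, nil
}

type assertion struct {
	authData   []byte // abridged layout: SHA-256(rpID) || flags || signCount
	clientData []byte // type, challenge and origin, filled in by the browser
	sig        []byte // ECDSA over SHA-256(authData || SHA-256(clientData))
}

func buildClientData(challenge []byte, origin string) []byte {
	return []byte(fmt.Sprintf(`{"type":"webauthn.get","challenge":"%x","origin":"%s"}`, challenge, origin))
}

// assert signs a challenge. rpID and origin come from the browser (derived from the
// page the user is actually on), not from the user or the remote "IT support" caller.
func (a *authenticator) assert(rpID, origin string, challenge []byte) (*assertion, error) {
	k, ok := a.creds[rpID]
	if !ok {
		return nil, fmt.Errorf("no credential registered for %q", rpID)
	}
	rpHash := sha256.Sum256([]byte(rpID))
	authData := append(rpHash[:], 0x01, 0, 0, 0, 1) // flags: user present; signCount 1
	cd := buildClientData(challenge, origin)
	cdHash := sha256.Sum256(cd)
	digest := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	sig, err := ecdsa.SignASN1(rand.Reader, k, digest[:])
	if err != nil {
		return nil, err
	}
	return &assertion{authData: authData, clientData: cd, sig: sig}, nil
}

// verifyAssertion is the relying party's check: its own RP ID, its own origin and
// the challenge it issued must all be inside the signed data.
func verifyAssertion(pub *ecdsa.PublicKey, rpID, origin string, challenge []byte, as *assertion) bool {
	rpHash := sha256.Sum256([]byte(rpID))
	if len(as.authData) < 32 || !bytes.Equal(as.authData[:32], rpHash[:]) {
		return false
	}
	if !bytes.Equal(as.clientData, buildClientData(challenge, origin)) {
		return false
	}
	cdHash := sha256.Sum256(as.clientData)
	digest := sha256.Sum256(append(append([]byte{}, as.authData...), cdHash[:]...))
	return ecdsa.VerifyASN1(pub, digest[:], as.sig)
}

// scenario runs the "IT support needs your code" attack against both factors and
// reports whether the attacker's login is accepted by the real server.
func scenario() (totpAccepted, webauthnAccepted bool, err error) {
	const realRP, realOrigin = "vault.example", "https://vault.example" // constructed
	now := int64(1700000000)

	seed := []byte("constructed-shared-secret-20B") // constructed TOTP seed
	codeToldOverPhone := totp(seed, now)
	totpAccepted = verifyTOTP(seed, now, codeToldOverPhone)

	// The attacker relays the real server's challenge to a look-alike page; the user
	// taps the key there, so the browser asks for the look-alike's RP ID, not realRP.
	auth := &authenticator{creds: map[string]*ecdsa.PrivateKey{}}
	pub, err := auth.register(realRP)
	if err != nil {
		return false, false, err
	}
	challenge := make([]byte, 32)
	if _, err = rand.Read(challenge); err != nil {
		return false, false, err
	}
	if as, e := auth.assert("vault-login.example", "https://vault-login.example", challenge); e == nil {
		webauthnAccepted = verifyAssertion(pub, realRP, realOrigin, challenge, as)
	}
	good, err := auth.assert(realRP, realOrigin, challenge) // the legitimate flow still works
	if err != nil || !verifyAssertion(pub, realRP, realOrigin, challenge, good) {
		return totpAccepted, false, fmt.Errorf("legitimate assertion failed: %v", err)
	}
	return totpAccepted, webauthnAccepted, nil
}

func main() {
	t, w, err := scenario()
	fmt.Println("phished TOTP accepted:", t, "| phished WebAuthn accepted:", w, "| err:", err)
}
```

The TOTP half is exact (it reproduces the RFC 6238 test vectors), so the replay it demonstrates is the real weakness: the server has no way to know the code was read out over a phone. The WebAuthn half omits the wire formats but keeps the property that matters: the authenticator only answers for the RP ID the browser reports, and the signed data carries the origin and the server's fresh challenge, so the same assertion cannot be reused for a different challenge or from a different origin.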