I’m willing to accept the slight security difference in exchange for the convenience of having access on a single app 99.9% of the time.
To get into my Vaultwarden in the first place to get my info they’d first have to know my self-hosted server exists to target. And they’d need to compromise that MFA which is handled by a separate unrelated app.
That’s more than enough security for nearly everyone on the planet.
I get that not everyone wants to set up something like Aegis in combination with e.g. Syncthing.
Of course it is still better than SMS and email, but I would recommend you check out Ente Auth and/or Proton Auth.
Both are end to end encrypted and you would at least have it in separate apps
I’m willing to accept the slight security difference in exchange for the convenience of having access on a single app 99.9% of the time.
To get into my Vaultwarden in the first place to get my info they’d first have to know my self-hosted server exists to target. And they’d need to compromise that MFA which is handled by a separate unrelated app.
That’s more than enough security for nearly everyone on the planet.
Perfectly valid, everyone has their own threat model and their own standards.