FYI, you can put a 2FA secret into Bitwarden and autofill the one-time passwords alongside the regular password. That would mitigate the impact of losing your phone.
I personally don't do this because I feel like it defeats the whole purpose of 2fa. If someone gets into your bitwarden account, now they have your passwords and can generate 2fa codes. Of course, if the alternative is just not doing 2fa then it's better than nothing but I'd still prefer an authenticator app or hardware key than putting them in bitwarden.
Getting into your bitwarden account should be at least as hard as getting into your authenticator app or stealing your hardware key, though, if you're using it as intended, so I think it's ok for 2FA
2FA keys are easily stolen from a desktop with a password manager running in the background when running a malicious executable, vs. 2FA keys on a 2FA app on a phone and running a malicious app.
I don't know if this is true. A password manager should encrypt its data at rest, and exfiltrating a key from another process's memory space is non-trivial. At the very least, you'd need a privilege escalation trick.
Great, this is a universal solution. Let's all make it an integral part of our digital security, and in 5 years or so hope that bitwarden doesn't leverage it!
Grandma, and Uncle Rob, and your cousins, and anyone else you have a long standing relationship with, can use your VaultWarden instance if you let them.
But! You now get to maintain uptime (Rob travels and is frequently awake at 3am your time) and make sure that the backups are working... and remember that their access to their bank accounts is now in your hands, so be responsible. Have a second site and teach your niece how to sysadmin.
