Well to give you another option, Bitwarden made a standalone authenticator app that is presumably secured with the same care as the regular Bitwarden password manager app.
I've diverged a good bit since then of the services I've added and the specifics of how I configure things (I still use Traefik whereas I think they've shifted to Nginx), but they have a great example of a GitHub repo and what it looks like to manage a self-hosted server.
For #2 and #3, it’s probably exceedingly obvious, but wish I would have truly understood ssh, remote VS Code, and enough git to put my configs on a git server.
So much easier to manage things now that I’m not trying to edit docker compose files with nano and hoping and praying I find the issue when I mess something up.
If you don’t trust yourself 110%, don’t host it yourself. Too risky. I self-host everything, but I leave email and passwords to someone else because it’s just too important.
I mean yeah it’s less secure than if they were separated. But my mom is never going to use a separate app for passwords and 2FA, so the two in one app is still better than nothing.
And it is wife / parent / grandparent approved in my household!
It’s good enough that once I taught my mom to use it, she then went and taught my grandma and now we’ve got the whole fam on a family plan. It’s seriously so good.
Tbh it definitely helps with my phone addiction. The content starts to run out and I can just put down my phone.