Do you have a separate admin account on your services?
I've been creating separate accounts for some of my selfhosted services, some are to further sub-divide the data, but for sure I always have an admin account and the account I use day to day.
What's your account creation schema?
What do you think about creating multiple accounts for your selfhosted services?
I have two services that my main account has zero admin rights on: gitlab and nextcloud. Both have, potentially, sensitive data owned by others. I've put massive passwords and MFA on both of those admin accounts. I figure if someone somehow harvests the session data or passwords and cracks 2fa on my account, that's the only one that will be affected.
Yes. Separation of privilege wherever I can.
What powers an admin have to break your stuff when you only have a single other account?
Some times separating concerns is meaningless. Some times it's useful to have many accounts for a single user. Some other times the admin/normal user separation is useful. It does really vary.