(I by no means pretend to have the knowledge that Tom does; however, I’m happy to contribute my thoughts. Take it with a grain of salt; there could be something I am overlooking!)
I think for my use-case, I would be fine with WireGuard’s lack of user/pass auth. I do not manage an organization of any type; I simply enjoy self-hosting services for my own use. I am the only user, so I would not be bothered by the lack of user/pass auth.
If I were not the only user within my “organization,” I would probably stick with OpenVPN. I’ve had an OpenVPN server at my home for years and it’s worked very well for all my needs (remote access to webUI services, SMB shares, RDP/VNC VMs, etc.).
The exception to this is if I had a second home: I would probably create a site-to-site VPN and would consider WireGuard for this. This VPN would not be accessible from guest Wi-Fi. Therefore, since I trust every device on my trusted/secure Wi-Fi at the second home, I also trust those devices to access site-to-site to my primary home.