@b-morgan and @OutsourcedGuru have it right on the security front. VPN is definitely not overkill if you want to connect from the outside world to your home network - it is the only way to have even the slightest chance that you will keep your network secure.
Any time you have a well known port open on your router, threats who regularly probe IP blocks known to be ISP dynamic customer blocks will flag your IP as a target and then attempt additional, more specific attacks until they gain access. Don't assume that your ever-changing IP address is going to save you - it actually paints a larger target on you.
Many modern, inexpensive routers have a VPN endpoint option, and several models that don't can have alternative open source firmware installed that does. If you really don't want to use a VPN client and insist on opening a hole, use a strong proxy over TLS, with two factor authentication and a signed certificate (not a self-signed one) to gain access to the proxy, and then let the proxy sit between you and your OctoPrint instance. This will probably add a bunch more resource overhead on your router beyond a VPN session, though, unless your router is capable of designating a DMZ port, and you put your proxy on a separate device, in the DMZ. Still, sort of overkill versus just connecting a VPN session to your router, unless you have other resources you need to remotely access and proxy (and most modern consumer firewall/router combos have lost the ability to designate a particular port as a DMZ).