The Bitwarden Blog
7 Tips to Protect Your Bitwarden Account
November 3, 2021
Bitwarden helps users store information securely with end-to-end, zero-knowledge encryption. That means Bitwarden cannot see anything in your vault because the information stored there remains encrypted with your own username and main Bitwarden password. The fact that Bitwarden cannot decrypt your information provides the assurance users need to rely on the product.
With a zero-knowledge encryption approach, users have complete responsibility for their credentials. Bitwarden cannot reset a user password for individuals. For corporate enterprise organizations with a dedicated business plan, there are options for administrators to reset user passwords.
With the goal of protecting your critical information, and ensuring you can recover from unintended situations, here are 7 tips to protect your Bitwarden account.
When you sign up for Bitwarden, the welcome email includes this advice:
Your Master Password is the only way you can unlock the Vault and only you hold the key. Memorize it, or write it down and keep it in a safe place.
This is the only way. Please take care.
In addition, your main Bitwarden master password should be strong and unique to Bitwarden. There should be no use of it elsewhere in your past or future outside of Bitwarden.
Your login information for Bitwarden includes an email address and your main Bitwarden master password. The email address is used to communicate with you, and that email account login should be safely protected as well. Should you lose your master password, and you previously made a backup of your vault (described below), you can delete your account and start again.
Beyond protecting your account with a strong and unique master password, adding two-step login, or two-factor authentication gives you extra protection.
The Bitwarden Basic Free Account includes options for two-step login via an authenticator app or email. Paid Bitwarden accounts include the option to use security keys with FIDO2 and Cisco Duo.
Once you have a paid Bitwarden account, you can also integrate two-step login for the accounts you store within Bitwarden.
For more, see the blog post Basics of two-factor authentication with Bitwarden or the Field Guide to Two-Step Login on the help site.
Most applications, including Bitwarden, will give you recovery codes if you somehow lose your ability to authenticate. With your Bitwarden two-step login recovery code, you will want to be sure to keep that outside of Bitwarden in a safe and memorable place.
For your email account, and your authenticator application (if chosen), you’ll want to keep a close eye on those recovery codes as well.
Most importantly when it comes to two-step login, be sure that your recovery codes are backed up across devices or in a cloud account. Sometimes authenticator apps stay local to a phone, where an unfortunate situation could leave you locked out of your account
The Triangle of Security Success incorporates your main Bitwarden account, your email account, and your authentication for Bitwarden.
Bitwarden Premium for individuals and all other paid plans include Emergency Access, the capability to add a designee to your account if you cannot access it.
Many Bitwarden users appreciate the ability to ensure that their vault can be accessed by a trusted designee. As our lives become increasingly digital, this smooth and secure transition can provide an added level of reassurance around your vault.
With Bitwarden, you can export your vault at any time, and from any client, in encrypted or unencrypted forms. This can be beneficial should you somehow lose your Bitwarden master password or authentication options.
You can download an unencrypted export of your vault in .csv or .json formats. The .json format provides a more complete export. Read this help note for more information.
Of course, an unencrypted export is just that, something that anyone with access to the file can see. Different people take different approaches here - one is to download to a USB stick and put that in a lock box or safe place, another is to have redundant USB keys. Some users like to download and print their vault using the .csv format.
Whichever method you choose, remember to treat any digital files of your vault with extreme care. Leaving unencrypted exports on a phone or laptop that gets daily use and travels with you is not recommended.
Bitwarden also provides an option for encrypted exports using the .json format. Note that this encryption mechanism uses the same email and main Bitwarden password combination to unlock your vault, as it does to export your encrypted vault. Therefore this format does not help you if you forget your master password or authentication codes.
For more information on encrypted exports see this help note.
Most of all, review and practice these tips. Take a backup, put it in a safe place, and do not store it on unencrypted devices that are out and about. Try to log into some of your favorite accounts without relying on your phone. Or test out a new browser as an example of moving to a new device, and see how quickly you can re-establish your vital logins using Bitwarden.
If you are looking to get started with a password manager, you can sign up for an individual Bitwarden account today, or check out the trials for a business plan to enable safe password practices at work.
Back to Blog