The Bitwarden Blog
World Backup Day - Top tips to protect your passwords
March 31st, 2021
On World Backup Day, we celebrate backing up our most important data. Perhaps that is your treasured digital photographs, or perhaps the novel you’ve been writing for the past several years. In almost everyone’s case, it also means backing up your sensitive information such as logins, passwords, secure notes and other items.
In this post, we’ll discuss protecting your primary login for your password manager, as well as the information within your Vault.
As an application with end-to-end encryption, only you hold the key to your Bitwarden Vault. Bitwarden as a company cannot ever see your data, or even reset your password for you. As we detail in our Welcome email
- Your Master Password is the only way you can unlock the Vault and only you hold the key. Memorize it, or write it down and keep it in a safe place.
Whether to only memorize, or to write down, a Master Password is a personal decision and is sometimes hotly debated in our forums. We simply recommend: do what is safe and works for you so you do not forget it.
If you set up two-step login for your Bitwarden account, it is equally important that you build in protection to backup your Bitwarden recovery code and have redundant mechanisms for two-step login if possible.
To get your Bitwarden recovery code you can visit Settings > Two-step Login.
With two-step login enabled, be sure to grab your Bitwarden Recovery Code
You will be prompted to print your recovery code if you choose. Please consider the best way to ensure that you never lose or forget your Master Password, and that you always have a way to access your recovery code.
The Two-Step Login Recovery Code within Bitwarden
Bitwarden encourages users to print the recovery code for safe keeping in the event the two-step login mechanism gets disrupted.
WARNING: Unfortunately, some users set up Bitwarden with two-step login and an authenticator application on a single phone. Then the phone gets lost or damaged, the user cannot access that authentication mechanism and the user does not have their Bitwarden recovery code. In this case, users can be locked out of their account.
Bitwarden recently added Emergency Access as part of our Premium Account. Users with Premium features can invite others to access their Bitwarden Vault in the event that the inviting user can no longer log in or provide access to that data (for example, if they become incapacitated). For more information please see our blog post Bitwarden releases Emergency Access.
Beyond protecting your primary Bitwarden credentials and two-step authentication mechanisms, there are several ways you can backup your own Bitwarden Vault data.
NOTE: The Bitwarden cloud service is a highly-available application with a comprehensive backup and recovery system in place using Microsoft Azure services. In addition, while Bitwarden as a cloud service secures and protects your data, we believe in a transparent data liberation process you can use yourself for backup purposes.
Bitwarden supports exporting your Vault from any Bitwarden client. This includes our desktop and mobile apps, browser extensions, web vault, and command line interface.
In all cases you have an option to export as a
- .csv file
- .json file
- .json (encrypted) file
Some users appreciate the option to print a copy of vault items and keep a paper-based copy in a very safe place. This can provide a range of benefits in the event that you get inadvertently locked out of your account.
To create a printout of your Vault, you will want to select an unencrypted format and download that, perhaps temporarily to a USB flash drive that can be fully reformatted afterwards.
NOTE: Regarding formats, Bitwarden recommends .json for a more complete export, as .csv files do not currently export Cards or Identities. However, .csv files can be more easily manipulated with common standard spreadsheet programs.
WARNING: If you download your unencrypted Vault to a device in order to print it, be aware that you most likely want to remove that file from your device, and further ensure that it is removed from the trash so that it is completely deleted from your system after you print it.
Some users appreciate the ability to download their Vault in an open, unencrypted format such as .json or .csv for both backup purposes and in the case that they want to take their credentials with them someday.
Bitwarden makes unencrypted .json and .csv formats available for this purpose and users are able to determine their own backup strategies as needed.
As described in the above item, users should be extremely attentive to protecting unencrypted formats. Options include putting the files on a flash drive into a physical locker or safe, or alternatively using a local app such as “Zip” to encrypt the file while you store it locally. Whichever the case, protect your unencrypted files carefully.
Bitwarden also offers the option to download an encrypted copy of your Vault. This saves some of the time and attention needed to handle an unencrypted file.
While you should always handle all Vault exports as sensitive, an encrypted Vault can only be accessed by the person with the Master Password for the account. For Bitwarden encrypted exports, the user’s Master Password is employed to encrypt the Vault export. Similarly, the same Master Password is required to decrypt the Vault.
For more information please see our help note on Encrypted Exports.
World Backup Day is the perfect time to remember that no matter how much we plan, unpredictable things can happen. As Benjamin Franklin once wrote: “An ounce of prevention is worth a pound of cure.” So, take a few minutes to put the right backup strategy in place for your own needs to be sure that you never lose access to your Bitwarden account.
If you do not have a password manager yet, get started with a Bitwarden account for free.
Back to Blog