World Backup Day - Top tips to protect your passwords
On World Backup Day, we remember how important it is to back up our data. Perhaps that is your treasured digital photographs, or the novel you’ve been writing for the past several years. In almost every case, it means backing up sensitive information such as logins, passwords, secure notes, and other items.
In this post, we’ll discuss protecting your primary login for your password manager, as well as the information within your vault.
As an application with end-to-end encryption, only you hold the key to your Bitwarden vault. Bitwarden as a company cannot ever see your data, or even reset your password for you.
Remember: Your Master Password is the only way you can unlock the vault and only you hold the key. Memorize it, or write it down and keep it in a safe place. If you lose or forget it, you’ll need to start over with a new Bitwarden vault.
How you choose to keep your Master Password safe is a personal decision. The Bitwarden community has a lot of terrific tips and advice on this topic. We simply recommend: do what is safe and works for you so you do not forget it.
When you set up two-step login for your Bitwarden account, it is equally important that you build in protection to back up your Bitwarden recovery code and have redundant mechanisms for two-step login, if possible.
To get your Bitwarden recovery code you can visit Settings > Two-step Login.
You will be prompted to print your recovery code. Please consider the best way to ensure that you never lose or forget your Master Password, and that you always have a way to access your recovery code.
Bitwarden encourages users to print the recovery code for safe keeping in the event the two-step login mechanism gets disrupted.
WARNING: Unfortunately, some users set up Bitwarden with two-step login and an authenticator application on a single phone. If the phone gets lost or damaged, the user cannot access that authentication mechanism and the user does not have their Bitwarden recovery code. In this case, users can be locked out of their account.
Bitwarden includes Emergency Access in our Premium Account. Users with premium features can invite others to access their Bitwarden vault in the event that the inviting user can no longer log in or provide access to that data (for example, if they become incapacitated or locked out). For more information, please see our blog post Bitwarden releases Emergency Access.
Beyond protecting your primary Bitwarden credentials and two-step authentication mechanisms, there are several ways you can back up your own Bitwarden Vault data.
NOTE: The Bitwarden cloud service is a highly-available application with a comprehensive backup and recovery system in place using Microsoft Azure services. In addition, while Bitwarden as a cloud service secures and protects your data, we believe in a transparent data liberation process you can use yourself for backup purposes.
Bitwarden supports exporting your vault from any Bitwarden client. This includes our desktop and mobile apps, browser extensions, web vault, and command line interface.
In all cases you have an option to export as a:
.json (encrypted) file
Some users appreciate the option to print a copy of vault items and keep a paper-based copy in a very safe place. This can provide a range of benefits in the event that you get inadvertently locked out of your account.
To create a printout of your vault, you will want to select an unencrypted format and download that, perhaps temporarily to a USB flash drive that can be fully reformatted afterwards.
NOTE: Regarding formats, Bitwarden recommends .json for a more complete export, as .csv files do not currently export Cards or Identities. However, .csv files can be more easily manipulated with common standard spreadsheet programs.
WARNING: If you download your unencrypted vault to a device in order to print it, be aware that you most likely want to remove that file from your device, and further ensure that it is removed from the trash so that it is completely deleted from your system after you print it.
Some users appreciate the ability to download their vault in an open, unencrypted format such as .json or .csv for both backup purposes and in the case that they want to take their credentials with them in the future.
Bitwarden makes unencrypted .json and .csv formats available for this purpose and users are able to determine their own backup strategies as needed.
Be extremely attentive to protecting unencrypted formats. Options include putting the files on a flash drive into a physical locker or safe, or alternatively using a local app such as “Zip” to encrypt the file while you store it locally.
Bitwarden also offers the option to download an encrypted copy of your vault. This saves some of the time and attention needed to handle an unencrypted file.
In an encrypted export, the account’s unique encryption key, partially derived from the master password, is used to encrypt and export the vault. This encrypted file can only be imported into the same Bitwarden account, so it effectively works as a vault snapshot.
Recently, an update to the Bitwarden Command Line Interface (CLI) client allows for an encrypted export using a custom password instead of the account’s encryption key. There are plans to bring this to other clients, so stay tuned!
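As an added example (not Bitwarden's code), the Python sketch below checks what an export file actually contains before you rely on it as a backup: whether it is plaintext or encrypted, and how many items of each kind it holds, which makes the Cards and Identities missing from a .csv export visible. The field names (encrypted, passwordProtected, items, type), the numeric type codes and the sample data are assumptions for illustration; check them against your own export.

```python
import csv
import io
import json
from collections import Counter

# Assumed item type codes in the unencrypted .json export.
JSON_TYPES = {1: "login", 2: "note", 3: "card", 4: "identity"}

# Constructed sample exports (placeholder values, not real vault data).
SAMPLE_JSON = json.dumps({"encrypted": False, "items": [
    {"type": 1, "name": "mail"}, {"type": 1, "name": "bank"},
    {"type": 3, "name": "visa"}, {"type": 4, "name": "passport"}]})
SAMPLE_CSV = "type,name,login_username\nlogin,mail,me\nlogin,bank,me\nnote,wifi,\n"
SAMPLE_ENCRYPTED = json.dumps({"encrypted": True, "passwordProtected": True,
                               "data": "<ciphertext placeholder>"})


def audit_export(text):
    """Classify an export and count items by kind, never echoing a secret."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        data = None
    if isinstance(data, dict):
        if data.get("encrypted"):
            # Assumed flag: set when a custom password protects the file.
            kind = ("password-protected json" if data.get("passwordProtected")
                    else "account-encrypted json")
            return {"format": kind, "plaintext": False, "counts": {}}
        counts = Counter(JSON_TYPES.get(item.get("type"), "unknown")
                         for item in data.get("items", []))
        return {"format": "json", "plaintext": True, "counts": dict(counts)}
    # Not a JSON object: treat as .csv with a header row and a "type" column.
    rows = csv.DictReader(io.StringIO(text))
    counts = Counter((row.get("type") or "unknown").lower() for row in rows)
    return {"format": "csv", "plaintext": True, "counts": dict(counts)}


if __name__ == "__main__":
    for label, sample in (("json", SAMPLE_JSON), ("csv", SAMPLE_CSV),
                          ("encrypted", SAMPLE_ENCRYPTED)):
        print(label, audit_export(sample))
```

A report with plaintext set to True marks a file that needs the handling described above: offline storage or local encryption, and deletion of the working copy once it has been printed.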
World Backup Day is the perfect time to remember that no matter how much we plan, unpredictable things can happen. As Benjamin Franklin once wrote: “An ounce of prevention is worth a pound of cure.” So, take a few minutes to put the right backup strategy in place for your own needs to be sure that you never lose access to your Bitwarden account.
If you do not have a password manager yet, get started with a free Bitwarden account.
Editor's Note: This blog was originally published on March 31, 2021 and was updated on March 30, 2022.