Backup/export questions

Hi, I’m just wondering if it’s okay to use my (very strong) master password for vault backups/exports on my iPhone or is it better to use a different password? Is it okay to leave the backup/s on my iPhone forever?

There is another post tackling that part already, I think:

I see. It pretty much answers my questions. Thanks!

In short, it works, but it’s not the best.

Using your master password to back up your vault is fine from a crypto point of view, but it makes you more vulnerable. If someone breaks into your iPhone or backups, they could get every extra encrypted copy that is on the phone. A different password means a smaller blast radius.

I wouldn’t keep backups on iOS forever. Export it, check that it opens, move it to a safer place (like offline or encrypted storage), and then delete it from the phone. The Password Manager already protects your live vault. You should treat backups like valuable assets, not just files that are easy to access.

Thanks. What if I do an Account restricted export?

Historically, that was the only option before “password protected exports” were added. There is no real advantage of an account restricted export, but only disadvantages, so a password protected export usually is the recommended route.

(–> Encrypted Exports | Bitwarden)

… and I still don’t understand why the “account restricted” exports are still the predefined default… (corresponding feature request: Make "password protected" the default / predefined choice for "encrypted JSON exports")

⚠️ Avoid this at all costs! These exports become completely undecryptable if you ever need to start over with a new Bitwarden account, or if you ever change the current Bitwarden account’s master password with encryption key rotation enabled.