Lost all passwords

Ask the Community Password Manager
, ,
1

I exported to a Jason file my Vault

I set up my daughter to have Emergency Access

I Restored the Jason File

Now, none of the items have passwords

I don’t know my Next Step

2

This is very difficult to say without having more information.

  1. When you exported the vault data as a .JSON file, did the vault contain any passwords at that time?
  2. When you created the export, did you select the export format “.json” or “.json (Encrypted)”?
  3. If it was “.json (Encrypted)”, did you use the account-restricted export type, or the password-protected export type?
  4. When you restored the .JSON file, did you restore it to the same Bitwarden account from which you had previously created the .JSON export — or did you create a new account, and then attempt to import the .JSON file into the new account?
  5. If you imported the .JSON file into the original account, were there any passwords in the vault just prior to performing the import?
  6. When you imported the .JSON file, did you see any messages on the screen notifying you that the import had succeeded (or failed, as the case may be)? If so, what did you see?
  7. What is the current state of your vault — does it contain login items that have usernames and website addresses, but no passwords, or are the vault items completely missing?
3

From where did you perform the export?

I would start by checking the web vault (https://vault.bitwarden.com or https://vault.bitwarden.eu) to see if things look ok there.

If you do find things are OK on the web vault, please immediately take a fresh JSON backup from the web vault that is unencrypted and verify (with notepad) that it contains passwords. This will greatly minimize your stress level.

If the web vault itself is corrupted, take each of your devices, disconnect them from the internet (unplug ethernet cable or place in airplane mode) and only after confirming there is no internet access, open the various vaults on it to see if any of them are healthy. If so, create a an unencrypted JSON backup from that and verify it contains passwords.

After you have gotten a good backup, reach back out and let us know which vaults are misbehaving (desktop, browser, mobile app, etc) so we can offer recovery advise.

Then later, after all your apps are good, you can optionally create a password-protected JSON export and delete the unencrypted one to reduce the risk of vault disclosure from the stored copy. But until then, the confidence that comes from having a “known good” backup is more important.

Incidentally, you may encounter “account-restricted JSON exports”. Don’t use those. They are evil because they can only be restored to your existing account. If your account is deleted for any reason, they are useless, and if you wish to import into a competitor (e.g. to validate the backup), they are useless.