Master password (and other secrets) backup

Even if you have just one master password to remember (that’s actually never the case, even for the simplest setups), the best practice is to write it/them down somewhere safe (preferably with redundancy), and never trust only your memory.

Everybody has different threat models, but exposing all your secrets to potential attackers in plain text is not my favorite option.

Steganography could potentially help here. So could applying some kind of encryption scheme (it could be as simple as a “personalized” Caesar cipher) to the plain text. But at the end of the day, you still need to remember/back up the “scheme” and/or medium used to hide the secret.

What’s your take on the topic? Any interesting setup to share?

Thanks

I don’t know for sure, but I am afraid that any kind of complicated scheme would prevent me from understanding my note. Mine isn’t plain text: it’ll only prevent people not familiar with credential security from figuring it out easily, but I am not sure whether even I can figure it out if I am knocked out of my senses.

It seems to me the best bet would be somebody you trust. Maybe you keep the encrypted copy, and give the password to people you trust to be used in emergencies, but put down the secrets as plainly as possible. This probably doesn’t survive law enforcement access, though, unless you give it to just your lawyer in certain jurisdictions.


Some of the management relates to general principles for backups. You need something reliable, not destroyed by a single loss, and recoverable at need.

I’ll disagree three times here 🙂

Hypothetically, as well as a Bitwarden pass phrase you might have one for a computer (or more) and one for backups – I assume everything is encrypted. If you locate all of these in a single place, e.g. an encrypted file or physical safe, then you need only one pass-thing to recover the others. Therefore I disagree with your first two statements. Complex sets can be stored under a single protection, and it need not be paper.

Disagreeing with your third statement, multiple memories are better than one. You might entrust a single top level key to a file which encloses other essentials (e.g. the three suggested above) to multiple trusted people. They need not have the same phrase in memory so long as it is highly memorable to them. Now, everyone has to forget to lose access entirely.

Other idle thoughts are that you can encrypt an image of your own paper copy to send to others (securely), or cut two paper copies of your master key(s) in two; keep one part A, send the other part A to one other person/place and the two parts B to another two people/places (expand as desired).

You can also organise how you keep data so that breaking one key, other than the pure Master, does not give complete access to everything else, even though loss of your computer or Bitwarden pass-thing will obviously be highly damaging. I take great care that none of my significant keys can appear in a standard backup, even though those backups are encrypted.

HTH

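The “two parts A, two parts B” distribution described above, as an added example that is not from the post or from Bitwarden. It goes one step beyond the physical paper cut: instead of halving the written key (where each half is readable plaintext), the key is XOR-split so that one part is random and the other is the key XORed with it, so a single part reveals nothing while the A/B redundancy still lets any one A holder plus any one B holder recover it. The secret value and holder names are constructed for the demonstration.

```python
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed sample secret for the demonstration (not a real credential).
MASTER_SECRET = b"correct horse battery staple"

def cut_paper(secret: bytes) -> Tuple[bytes, bytes]:
    """Model of the literal 'cut the paper in two' scheme from the post.
    Each half is still readable plaintext, so whoever holds one part
    learns half of the key outright."""
    half = len(secret) // 2
    return secret[:half], secret[half:]

def split_secret(secret: bytes) -> Tuple[bytes, bytes]:
    """XOR split: part A is uniformly random, part B = secret XOR A.
    Either part on its own is indistinguishable from random bytes."""
    part_a = secrets.token_bytes(len(secret))
    part_b = bytes(s ^ a for s, a in zip(secret, part_a))
    return part_a, part_b

def recover_secret(part_a: bytes, part_b: bytes) -> bytes:
    """Recombine the two parts; both are required and must match in length."""
    if len(part_a) != len(part_b):
        raise ValueError("parts must have the same length")
    return bytes(a ^ b for a, b in zip(part_a, part_b))

def distribute(secret: bytes, holders_a: List[str],
               holders_b: List[str]) -> Dict[str, Tuple[str, bytes]]:
    """Give identical copies of part A to holders_a and of part B to
    holders_b, mirroring the post's 'two parts A, two parts B' redundancy."""
    part_a, part_b = split_secret(secret)
    shares = {h: ("A", part_a) for h in holders_a}
    shares.update({h: ("B", part_b) for h in holders_b})
    return shares

def recover_from(shares: Dict[str, Tuple[str, bytes]],
                 available: List[str]) -> Optional[bytes]:
    """Recovery succeeds only when at least one A holder and one B holder
    are reachable; any number of same-labelled holders alone is not enough."""
    parts: Dict[str, bytes] = {}
    for holder in available:
        if holder in shares:
            label, data = shares[holder]
            parts.setdefault(label, data)
    if "A" in parts and "B" in parts:
        return recover_secret(parts["A"], parts["B"])
    return None

# Constructed holders: I keep an A, one friend keeps an A, two others keep B.
EXAMPLE_SHARES = distribute(MASTER_SECRET, ["me", "alice"], ["bob", "carol"])
```

Losing any single holder (or even both holders of one label, provided one of each label survives) still allows recovery, which is the redundancy the post is after.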

You are right, I was mixing usability and recovery. It is obviously possible to consolidate all the secrets in a single encrypted file (for example). You will still need to memorize all the passphrases (if you use them daily); however, for the backup scheme, you can simply deal with one top level key.

I am not disagreeing on the redundancy side, but I would not trust the memory of any (trusted) person as a backup for my top level key. You can mitigate this by increasing the number of trusted people, but you are also increasing the potential attack surface.

Are you talking specifically about Bitwarden here or in general?

I also have different backups for significant keys (done on an airgapped device only).
I understand that adding a layer of protection generally helps vs relying only on encryption, but I am still trying to figure out exactly when the complexity of a setup becomes a weakness rather than a strength.