Migrate folder from a Bitwarden account to the vault of another Bitwarden account

I currently use Bitwarden (with a strong password) to secure my sensitive personal information but, having recently seen many reports of highly sophisticated scams involving mobile phones, I wish to “de-risk” my sensitive data storage by using 2 Bitwarden accounts: one account for everyday banking / shopping and another Bitwarden account (different email and secure master password) for all my “high-value” logons such as savings and pensions. I anticipate only using the “high-value” account occasionally and always on a desktop PC, so eliminating the risk of a large loss as a result of phone loss/hijack/scam.

To implement this plan I want to place all my existing “high-value” logons into a folder in my current vault and then transfer that folder to my new “high-value” Bitwarden vault.

I’d ideally like to copy the folder to the new “high value” account to first check that the transfer has executed safely before then deleting the “high value” folder in my existing (now “low value”) vault.

Suggestions welcome, please.

Hi Bob,

Related to your questions:

  1. Just to let you know, if you are on a free plan now, BW’s TOS allows only one free plan per person.
  2. The obvious thing to do is to export/import your entire vault into a new account, but this requires deleting all the non-high value accounts from your new vault. You can’t export just specific entries. However, if you have only simple entries (no note, fields, etc.), maybe exporting in CSV format, and deleting other entries by hand would work.
  3. The other thing you could do is to create an org and invite the other account to the org. Create a collection, move important account entries into the shared collection, and eventually clone the entries into the important BW vault, and then delete the entries from the shared collection.

Related to what you said:

  • I am not familiar with iOS/MacOS/Linux “ecosystems”, so I’ll comment on Android/Windows 11 Pro environments.
  • Phone loss doesn’t pose much threat as the device is already encrypted, mostly hardware backed, on top of your vault encryption. If you stay away from PIN lock, not requiring to enter a password on restart, you are “doubly” safe.
  • I haven’t heard people talking about being phone-hijacked, and then forced to hand over PWM access yet, only device PIN and bank app’s access.
  • If you use fingerprint lock on BW, knowing the device PIN, they can’t add another fingerprint and access BW, because BW will fall back to password unlock after fingerprint addition.
  • On some Android devices, like Samsung, you can hide the app behind another fingerprint lock, which hides the BW app at the cost of double fingerprint verifications to unlock BW.
  • Using another offline PWM on your desktop to keep the entries that you don’t need on your phones (important accounts, local encryption passwords) with some better features (like KeePass, for example) is another option.

Excellent points by @Neuron5569. My sense is that mobile devices are generally safer from malware than PCs (especially Windows PCs). On the other hand, this report was a big topic of discussion about a year ago:

https://www.reddit.com/r/Bitwarden/comments/11fax8z/last_friday_the_wall_street_journal_reported_that/

Furthermore, I have one additional suggestion:

I would propose a variation to this:

Create a collection, move the “low-value” items into the collection, and then edit the collection permissions so that the second user has “Can Edit” permissions; this makes the “low-value” items shared between the two accounts.

Optionally, further configure the collection permissions so that the first user (the organization owner) has no view permissions; doing so will make it so that the “low-value” items are not viewable in the individual vault of the first user (although they would still have the option of viewing these shared items by going to the Organization vault).

If you want the two accounts to be fully segregated, then your best bet is to export the data using the “Password-Protected” export type that can be specified for the encrypted JSON format (if and only if you are in the Web Vault), then import this export into a new account, and subsequently start deleting unwanted items in each account.

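The replies above note that Bitwarden cannot export a single folder, so unwanted entries have to be deleted by hand after import. As an added example (not from any poster in this thread and not Bitwarden's own code), this Python script trims an unencrypted JSON export down to one folder before it is imported into the second account. It assumes the export has top-level `encrypted`, `folders` and `items` keys and a `folderId` on each item; the sample data, folder name and file names are constructed.

```python
import json
import sys

# Constructed sample in the assumed layout of an unencrypted Bitwarden .json export.
SAMPLE = {
    "encrypted": False,
    "folders": [{"id": "f-1", "name": "High value"}, {"id": "f-2", "name": "Shopping"}],
    "items": [
        {"id": "i-1", "folderId": "f-1", "type": 1, "name": "Pension",
         "login": {"username": "bob", "password": "constructed-1"}},
        {"id": "i-2", "folderId": "f-2", "type": 1, "name": "Bookshop",
         "login": {"username": "bob", "password": "constructed-2"}},
        {"id": "i-3", "folderId": None, "type": 2, "name": "Unfiled note"},
        {"id": "i-4", "folderId": "f-1", "type": 1, "name": "Savings",
         "login": {"username": "bob", "password": "constructed-3"}},
    ],
}


def filter_export_by_folder(export, folder_name):
    """Return a new export dict holding only the named folder and its items."""
    if export.get("encrypted"):
        # Encrypted and password-protected exports cannot be filtered offline.
        raise ValueError("export is encrypted; use the unencrypted .json format")
    matches = [f for f in export.get("folders", []) if f.get("name") == folder_name]
    if len(matches) != 1:
        raise ValueError(f"expected one folder named {folder_name!r}, found {len(matches)}")
    folder = matches[0]
    items = [i for i in export.get("items", []) if i.get("folderId") == folder["id"]]
    return {"encrypted": False, "folders": [folder], "items": items}


def items_left_behind(export, subset):
    """Names of items that stay in the original vault, for a manual review."""
    moved = {i["id"] for i in subset["items"]}
    return sorted(i["name"] for i in export["items"] if i["id"] not in moved)


if __name__ == "__main__":
    # Usage: python filter_export.py export.json "High value" high_value.json
    src, folder_name, dst = sys.argv[1:4]
    with open(src, encoding="utf-8") as fh:
        full = json.load(fh)
    subset = filter_export_by_folder(full, folder_name)
    with open(dst, "w", encoding="utf-8") as fh:
        json.dump(subset, fh, indent=2)
    print(f"kept {len(subset['items'])} items; left behind: {items_left_behind(full, subset)}")
```

Both the unencrypted export and the filtered file hold plaintext credentials, so create them on the desktop PC and delete them once the import into the new vault has been checked.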