I backed up my vault for the first time and was not given an option to select where to place the unencrypted download–it simply downloaded directly to the downloads folder. Of course, I deleted the file, and deleted it from the recycle bin, after moving it to the encrypted flash, but this is obviously not the safest method.
Do you mean exporting from a browser?
Isn’t that part of your browser configuration? I know it is in Firefox.
I did this using the web version in Edge. I must have the browser set to send all downloads to the download folder. A clear mistake on my part. Is it worth doing anything more than deleting the file from recycle bin or am I being paranoid?
You’d have to go into your browser configuration and define the download folder to be on your encrypted drive. Some users define a dedicated browser profile for this purpose.
A warning: In the Desktop app, it does allow you to specify the destination of the export. However, it first downloads the export into the Downloads folder as a .tmp file, and then moves it to your selected destination. I don’t know whether there is any configuration that can be made to change the default Downloads folder used by Electron (i.e., the Desktop app).
It is not unreasonable to be paranoid, especially if your hard drive is an SSD (which makes it virtually impossible to scrub deleted data). If you have a regular HDD, there are secure erase utilities that can prevent the deleted file from being recovered (should your computer fall into the wrong hands).
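Added example, not part of any post in this thread: a way to check whether a plaintext export, or a leftover .tmp copy like the one described above, is still sitting in the Downloads folder. It identifies files by content rather than by name, and it assumes an unencrypted JSON export is a top-level object with "encrypted": false and an "items" list; the file names in demo() are constructed sample data.

```python
import json
import tempfile
from pathlib import Path

# Assumption: an unencrypted Bitwarden JSON export is a top-level object with
# "encrypted": false and an "items" list. Check this against your own export.
MAX_BYTES = 50 * 1024 * 1024  # skip files too large to be a vault export


def looks_like_plaintext_export(path: Path) -> bool:
    """True if the file parses as JSON shaped like an unencrypted vault export."""
    try:
        if path.stat().st_size > MAX_BYTES:
            return False
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return False  # unreadable, binary, or not JSON
    return (isinstance(data, dict)
            and data.get("encrypted") is False
            and isinstance(data.get("items"), list))


def find_plaintext_exports(folder: Path) -> list:
    """Check every regular file by content, so renamed or .tmp copies are caught."""
    return sorted(p for p in folder.rglob("*")
                  if p.is_file() and looks_like_plaintext_export(p))


def demo() -> list:
    """Run the scan over a constructed folder (sample data, not a real vault)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        export = {"encrypted": False, "folders": [],
                  "items": [{"name": "example", "login": {"username": "u"}}]}
        (root / "export.json").write_text(json.dumps(export))
        (root / "a1b2c3.tmp").write_text(json.dumps(export))  # leftover temp copy
        (root / "protected.json").write_text(
            json.dumps({"encrypted": True, "data": "x"}))  # encrypted: ignored
        (root / "notes.txt").write_text("not json")
        return [p.name for p in find_plaintext_exports(root)]


if __name__ == "__main__":
    hits = find_plaintext_exports(Path.home() / "Downloads")
    for hit in hits:
        print(f"plaintext vault export: {hit}")
    print(f"{len(hits)} file(s) found")
```

This only finds copies that still exist as files; it says nothing about data remaining in blocks freed by an earlier delete.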
I’m kind of wondering what is the point of the backup anyway? I have two forms of 2FA (authenticator app and yubikey), I have authenticator app 2FA on two devices, and I have backup codes for authenticator app 2FA. My password is also written in two safe locations–one in the home and one outside. Under what circumstance would I really lose access to all of those things at the same time?
Data corruption of your vault?
Can you sleep at night knowing you don’t have a backup?
You may lose access to some or all of your stored passwords if Bitwarden’s servers go down (temporarily or permanently), if somebody obtains temporary access to your email account and decides to delete your Bitwarden account, if you accidentally delete or modify an important vault record or unintentionally purge your whole vault, or if you rotate your account encryption key and something goes wrong (e.g., network connectivity issues) during that process — resulting in a corrupted vault.
I appreciate the insights here. In terms of the file that I deleted from the recycle bin, I assume the ship has sailed on properly deleting just that file using something like Erase. It seems like at this point it would require wiping the entire computer, which is not an option. I may change the passwords for financial accounts and be sure to shred the hard drive when the computer is at the end of its life. I’m beating myself up over not realizing the file would be downloaded to the downloads folder. I can’t be the first one to do this. Are there other options I’m not thinking of?
If you have a HDD (not SSD), there are tools that will allow you to securely erase the “free space” on the drive, which effectively scrubs the sensitive data left behind in a deleted file.
When I am in this situation I enable full disk encryption including free space. That will take care of it.
It appears I have SSD.
And is it full disk encrypted? FileVault, VeraCrypt, BitLocker, etc.
If so then I wouldn’t be too concerned.
It turns out the entire drive is encrypted as this is a computer on which I do highly sensitive work related to defense.