It’s not the best idea to re-use your master password for this purpose, but it’s probably not a terrible choice either. The main issues are:
-
You are increasing your “attack surface”. To compromise your vault, an attacker needs to acquire a copy of your encrypted vault data, and also acquire or crack the decryption password. The more backup copies you make using the same master password, the more opportunities there are for an attacker to steal the encrypted vault data, and (theoretically) to crack the password. If the password is successfully cracked, then the attacker would not only get access to the data in the stolen backup file (which may be old), but they would also have a leg up on getting access to the current version of your vault (as they now only need to defeat your 2FA).
-
If your master password is ever compromised (e.g., you inadvertently type it into an online form that is not the Bitwarden login form, or you fall victim to social engineering or shoulder surfing), then all old backup files become extremely vulnerable, since it is not possible to do a password change on an exported file. Therefore, you would need to keep track of every single vault backup that you ever make using the master password as a backup, to allow you to securely destroy all of these files (or wrap them with a second encryption layer) in case your master password is ever compromised.
If you have a sufficiently strong master password, then the probability of somebody cracking the password with today’s technology may be negligible. As computing technology improves, you can update your account’s KDF setting to minimize the risk of a successful brute-force attack against your vault. However, updates to your KDF settings do not apply retroactively to your backup files, so the older these files become, the more vulnerable they will be (e.g., a master password that is uncrackable today will probably become vulnerable to brute-force cracking in a few decades if the KDF settings are not updated).
That is why you need to create (and securely store) an Emergency Sheet, which should include (at a minimum) your master password, your 2FA reset code, and your backup file password.