I asked this the other day and got downvoted as it seems you are too. It's a good question to ask because if you lose your 2FA device and recovery codes you'll be locked out of your account forever. This is quite easy to do if you're like a lot of people and don't realize Google Authenticator doesn't back up your codes and the many more that forgot to write down their recovery code because Bitwarden doesn't force you to. Or you do find an Auth app that backs up to Google or Apple but then you realize you need the password and/or 2FA for those accounts but they're locked in your password manager you can't get to. Of all the things that should have 2FA, it should be your password manager but then you create this new possibility of being locked out forever due to sometimes simple mistakes. A password manager is important to a lot of people and being locked out is a real problem. I wish there was a better solution but people downvoting these topics is not helping anyone.

Just because it may never affect you or your situation is not the same as the other guy doesn't mean we should not explore solutions no matter how outlandish you think it is. I mean, we just lived through the crapstorm that was 2020, some crazy thing that causes you to lose your phone and backup codes is not too crazy of a thought to consider.

> The many more that forgot to write down their recovery code because Bitwarden doesn't force you to. Or the many others that don't realize Authy doesn't default to backing up so it has the same issue as Google Authenticator.

Bitwarden strongly emphasises making copies of this, I don't see what more it could do. How do you suggest that Bitwarden forces someone to write down a backup code? Can it pick up a pen and piece of paper, then write the code down? On Authy the instructions explain clearly how to have it backup things online and what the dangers are. It works fine for me across several devices, but I have to turn on the add new device option on the rare occasions I need to use it. If people can't be bothered to read and understand the instructions, which are clear for both bits of software, then what else should the suppliers do? Some things are relatively complicated and there is a limit to how far they can be simplified to protect those who can't be bothered reading instructions against themselves.

I think there are a few things worth straightening out, which the last post didn't seem to do.

- Bitwarden keeps an offline cache of your password manager. This is true for browser extensions, mobile apps, and the desktop. It's still worth exporting your Bitwarden vault with attachments to a separate file.
- You should not use Bitwarden for your 2FA. Use a mobile app that supports backups (Aegis, andOTP, etc (not Google Authenticator)).
- 2FA TOTP backup codes should be stored in a separate password manager, like KeePass, etc.
- Your TOTP app (Aegis, etc) and TOTP backup codes (KeePass, etc) should be backed up to at least two locations.

Keeping TOTP out of Bitwarden prevents a single point of failure with compromises. If your Bitwarden vault is compromised, you don't want your accounts where 2FA is enabled to be compromised also. Keep TOTP away from your main password manager. The backup codes service providers give you when you enable 2FA should be saved, in case you lose your device where you're managing TOTP. Put them in a second password manager like KeePass or KeePassXC, for the same reason.

All of these support backups. So take advantage of that! Export your Bitwarden vault, export your Aegis/andOTP entries, and copy your KeePass vault. A backup is not a backup if you only have one copy! So put them in multiple places. That means you have:

- Redundancy with your Bitwarden vault, redundancy with your TOTP app, redundancy with your 2FA backup codes.

Now if Bitwarden has an outage, you still have access to your vault. If you lose your phone, you still have access to your backup codes and the TOTP secret keys. If you lose a backup, such as a friend moving away, or your house burning down, you still have backups shared elsewhere.

As an aside, I would strongly recommend typing up a document about how to get access to all your accounts, should you unexpectedly die. Save that document in a safe in your home to which only you have the key. If your life should abruptly end, your family will be able to gain access to the safe and read the document about how to recover your accounts, which would include what software you use (Bitwarden, Aegis, KeePass, etc) and the master passwords to each. Worst case, if you forget your own Bitwarden master password, you have it typed up on that document, in the safe, of which only you have access.
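The two rules from the thread, keep TOTP seeds out of the Bitwarden vault and keep every backup in at least two matching places, turned into a check you can run over your own export files. This is an added example, not code from any poster or from Bitwarden or Aegis; the export layout it reads (`items[].login.totp`) follows Bitwarden's unencrypted JSON export, and the sample export and the file names under the temporary directory are constructed for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed sample: a trimmed, unencrypted Bitwarden-style JSON export. The "mail"
# item wrongly carries its TOTP seed inside the vault, which is what the post warns against.
SAMPLE_EXPORT = {
    "items": [
        {"name": "mail", "login": {"username": "me", "password": "p1",
                                   "totp": "otpauth://totp/mail?secret=EXAMPLESECRET"}},
        {"name": "bank", "login": {"username": "me", "password": "p2", "totp": None}},
        {"name": "wifi note", "notes": "secure note, no login block"},
    ]
}


def items_with_totp(export: dict) -> list[str]:
    """Names of login items whose TOTP seed is stored in the vault export itself."""
    return [it["name"] for it in export.get("items", [])
            if (it.get("login") or {}).get("totp")]


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_redundancy(copies: list[Path], minimum: int = 2) -> dict:
    """A backup counts only if at least `minimum` copies exist and all of them match."""
    present = [p for p in copies if p.is_file()]
    digests = {sha256_of(p) for p in present}
    return {
        "copies": len(present),
        "consistent": len(digests) <= 1,   # a stale copy shows up as a second digest
        "ok": len(present) >= minimum and len(digests) == 1,
    }


def demo() -> dict:
    """Run both checks on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        vault = json.dumps(SAMPLE_EXPORT).encode()
        (root / "usb_vault.json").write_bytes(vault)        # two identical vault copies
        (root / "nas_vault.json").write_bytes(vault)
        (root / "usb_aegis.json").write_bytes(b'{"entries": [1]}')     # Aegis copies that
        (root / "nas_aegis.json").write_bytes(b'{"entries": [1, 2]}')  # do not match
        return {
            "totp_in_vault": items_with_totp(SAMPLE_EXPORT),
            "vault": check_redundancy([root / "usb_vault.json", root / "nas_vault.json",
                                       root / "offsite_vault.json"]),   # third copy missing
            "aegis": check_redundancy([root / "usb_aegis.json", root / "nas_aegis.json"]),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Point `check_redundancy` at the real paths of your exported vault, Aegis/andOTP export and KeePass database copies; an `"ok": false` result means either a copy is missing or one has gone stale.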