How to back up Bitwarden using KeyPassXC on macOS

I recently took the plunge and started using Bitwarden to manage all my logins, except email addresses and Apple ID.

After eight straight hours spent changing login details, now each of the websites for which I previously had a password stored in the Mac keychain has a unique and randomly-generated twenty-digit combination of lower case, upper case, numbers and special characters stored in the Bitwarden vault.

Only twenty digits??

Yes, “only” twenty randomly generated digits including lower case, upper case, numbers and special characters, which based on some tests I did in KeyPassXC result in an entropy between 110 and 130 bits. No reason to be paranoid, no reason to need more than that for me.

One last thing which I felt like doing before calling it a day was to create a local and encrypted backup of the Vault, and I selected KeyPassXC to achieve that.

The advantage of doing so it twofold:

● First, I now have an encrypted backup with all my login credentials which I can access through KeyPassXC should anything happen to Bitwarden (unlikely);

● Then, I could easily start using KeyPassXC and its browser extension if I wanted to use a locally stored encrypted vault rather than an encrypted cloud-synced one (I still prefer Bitwarden though, since it’s more user friendly).

Let’s see how to safely back up the Bitwarden vault using KeyPassXC on macOS.

The short version

1. If you have a Mac with SSD, save the CSV file generated by Bitwarden directly onto an external and encrypted USB drive.

2. Use these settings when importing the CSV onto KeyPassXC, without even needing to open the file:

61-0.png

Short version – explanations

Fact is, it’s not really possible to securely delete files on Solid State Drives, and on macOS trying to securely remove a file by moving it onto an Encrypted Disk Image or an encrypted USB drive doesn’t work either.

If you save a file on your desktop, in Downloads, etc, and you then try to move it onto an Encrypted Disk Image or an encrypted USB drive, the file will only be copied rather than moved, and the original will remain wherever you first saved it. This is my experience on macOS Catalina.

Sure, you can move the file to the Bin and then “permanently delete it,” but it will just keep floating around in the SSD and may be recovered with dedicated software.

What I did the first time around, when I saved the CSV file on the desktop and was then unable to securely move it onto the Disk Image / USB drive, was to first rename it, then delete all content and save it, then replace it multiple times by moving another file with the exact same name and extension onto the desktop, and finally bin it and “permanently delete it” from the bin.

Full guide

Step 1: in your browser, change the default setting for downloads

61-1.png

If you already have an encrypted USB drive, just plug it in and skip to Step 7. Otherwise, let’s proceed to encrypt a USB drive.

Step 2: launch Disk Utility: Finder > Applications > Utilities > DiskUtility.app

61-2.png

Step 3: select the USB drive and click Erase

61-3.png

Step 4: in Name, assign a name to the USB stick

Step 5: in Format, select MacOS Extended (Journaled, Encrypted)

61-4.png

Step 6: insert a Password for the encryption and type it again to Verify it

61-5.png

Step 7: log in at https:// bitwarden .com/

61-6.png

Step 8: Go to Tools > Export Vault

61-7.png

Step 9: select .csv in File format

61-8.png

Step 10: select the encrypted USB drive

61-9.png

Step 11: click Save

61-10.png

Step 12: open KeyPassXC

Step 13: Select Import from CSV

61-11.png

Step 14: point to the CSV file in the encrypted USB drive

Step 15: fill in the General Database Information and click Continue

61-12.png

Step 16: change the Encryption Settings if you wish (I didn’t) and click Continue

61-13.png

Step 17: create a Master Key for the encrypted database (I used the same Master Password which I use in Bitwarden)

61-14.png

Step 18: assign a name to the encrypted database, and save it wherever you want on your Mac

61-15.png

Step 19: in Column layout, fill in the fields as follows

61-0

Step 19: feel free to delete the “type” folder

61-17.png

Step 20: in the “login” folder there will be all your credentials imported from Bitwarden

61-18.png

There you go: all your login credentials are now safely backed up in a local encrypted database (which you can also send to your iPhone and open with Strongbox) and you don’t need to worry about securely deleting the CSV file from your Mac, since it is stored in the external encrypted USB drive.

Read also:
• Make Firefox look like Safari
• How to change login screen wallpaper on macOS Catalina