Password backup practices
Your passwords and other access credentials are too important to lose, so make sure they are backed up as securely as possible.
In our previous articles on cognitive biases, we discussed how our own brains can play tricks on our thinking, causing us to behave in ways that are detrimental to ourselves (in terms of cybersecurity and password management).
By overcoming that unconscious resistance and adopting good password-management habits, you can significantly reduce the risk of being hacked and losing your data, identity or money.
In this article, we'll look at best practices for backing up your passwords and other access data.
Even if you are using a password manager, it's still a good idea to make regular backups, and we'll look at the pros and cons below.
Pros
1. Prevents data loss: If your password manager gets corrupted, deleted or locked, a backup ensures you don't lose all your credentials.
2. Protects against account lockouts: In some managers, forgetting the master password means there is no recovery option. A backup helps here only if it is protected by a different password than the vault (for example, an export placed in an archive or container with its own passphrase); a copy of the vault file itself still needs the forgotten master password.
3. Offline access to credentials: A local backup lets you retrieve passwords even if the cloud service is down or you have no internet access. Some password managers, including our PassSecurium™, also offer an offline access option.
4. Protects against ransomware and cyber-attacks: If your password manager is compromised or wiped, a secure offline backup lets you restore the vault. The credentials it contains should still be rotated afterwards, since the attacker may have copied them.
5. Helps with migration: A backup (export) makes it easier to transfer passwords to another password manager.
Cons
1. Risk of backup theft: If your backup (especially an unencrypted one) is stolen, the attacker has every password at once.
2. Security breach if not properly encrypted: A poorly secured backup (e.g. a plaintext file) is a single point of total compromise.
3. Regular updates required: If you change passwords frequently, an outdated backup will not contain your most recent credentials.
4. Extra storage and management needed: Storing backups securely (e.g. on encrypted USB drives or in offline vaults) requires effort and discipline.
5. Potential synchronisation issues: Restoring from an old backup can overwrite newer credentials and cause login problems.
Our verdict: a backup of the password manager is justified and worthwhile, subject to three conditions:
- Encryption,
- Secure storage,
- Regular updating.
Password backup best practices for individuals
Export in one or more of the available formats. A common format such as CSV is useful for migrating to another manager; the native format of the password manager you use is the one to keep for restoring the same manager if its data is deleted.
Exports in plaintext formats (CSV, TXT, XLSX, XML) must be encrypted immediately, because anyone who reads the file has every password. We suggest the following methods:
1. Basic (a password-protected archive)
Windows: Use 7-Zip or WinRAR to create a password-protected archive.
- Right click on the file → Add to archive → Set password.
- Select AES-256 encryption. In 7-Zip, prefer the 7z format and tick "Encrypt file names"; if you must use the ZIP format, choose AES-256 rather than the legacy ZipCrypto method, and be aware that a ZIP archive always stores file names unencrypted.
- The archive is only as strong as its password: use a long, unique passphrase, and do not store that passphrase in the vault you are backing up.
You can also turn on BitLocker, Microsoft's built-in full-disk encryption (available on Windows Pro, Enterprise and Education; Windows Home only offers the more limited "device encryption" on supported hardware). It protects data at rest if the device is lost or stolen, but not against malware or anyone using the unlocked system, so it complements rather than replaces encrypting the export itself.
macOS: Use Disk Utility to create an encrypted .dmg file.
- Create a folder and put the exported file in it.
- In Disk Utility choose File → New Image → Image from Folder and pick that folder.
- Set Image Format to "compressed" and Encryption to "256-bit AES encryption".
- Set a strong password; Disk Utility encrypts the folder's contents into the .dmg.
It is also possible to create an encrypted archive with a macOS archiver that supports 7-Zip's AES encryption. Removable media can be encrypted as well: format the drive as an encrypted APFS volume in Disk Utility, or right-click the volume in the Finder and choose Encrypt.
Linux: Use 7-Zip (the 7z or 7zz command, or the p7zip package) to create an AES-256-encrypted 7z archive with header encryption enabled, so that file names are hidden too. You should also enable full-disk encryption (LUKS, usually offered during installation) to keep your data secure at rest.
2. Intermediate (via VeraCrypt - open source encryption software)
- Download and install the application. It's available for Windows, MacOS and Linux.
- You'll have the option to create an encrypted file container on your computer, or to encrypt a non-system partition or drive (internal or external) or the system partition/drive.
Choose AES-256 wherever you have the choice; never pick a weaker cipher. The container is only as strong as its passphrase, so make it long and unique.
You can store the encrypted file in the cloud, preferably one that is end-to-end encrypted. Because the container is already encrypted, the provider only sees an opaque file, but it still learns that the file exists and when it changes. If you do not trust the provider, store the backup on an external drive instead.
Put the encrypted file on a USB stick or external drive kept in a safe place. If you decide not to encrypt the file at all, the drive must be kept in a safe, and you must accept that whoever gets hold of it has every password.
If you already have an encrypted drive (internal or external), simply move the files to it.
And remember! After encrypting and moving, delete the original unencrypted files and empty the recycle bin. Deleting does not overwrite the data on disk, and overwriting is unreliable on SSDs, so prefer creating the export directly on an encrypted volume or use a secure-delete tool. Also check the download or temporary folder the password manager may have written the export to.
The downside of this method, of course, is that you are still protecting a file or drive with a password, which you must either remember or write down and keep in a safe place, and which must not be stored inside the vault it protects.
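The three checks a practitioner wants after producing the container, as an added example that is not code from the article or from any password manager: confirm the container really hides the export (file name, CSV header and every password are searched for verbatim, which catches a ZipCrypto or "store" archive and the file-name leak of AES ZIPs), record a SHA-256 fingerprint to keep beside the backup, and overwrite-then-delete the plaintext export. The CSV layout, the stand-in containers and the file names are constructed assumptions; real 7-Zip or VeraCrypt output is indistinguishable from random bytes, which is what the "good" stand-in mimics.

```python
"""Post-encryption hygiene check for a password-manager export.

Added example, not code from the article or from any password manager.
Assumptions: the plaintext export is a UTF-8 CSV whose header row includes
a 'password' column; the encrypted container (7z, zip, dmg or VeraCrypt
file) is treated as opaque bytes and never opened.
"""
import csv
import hashlib
import io
import os
import secrets
import tempfile

# Constructed sample export in the shape most managers produce (fake values).
SAMPLE_EXPORT = (
    "name,url,username,password\n"
    "Bank,https://bank.example,alice,Tr0ub4dor&3-Example\n"
    "Mail,https://mail.example,alice@example.com,correct-horse-example\n"
)


def leak_markers(export_path):
    """Label -> byte string that must not appear anywhere in the container:
    the export's file name, its CSV header line and every password value."""
    with open(export_path, "r", encoding="utf-8", newline="") as fh:
        text = fh.read()
    markers = {
        "file name": os.path.basename(export_path).encode(),
        "csv header": text.splitlines()[0].encode(),
    }
    for i, row in enumerate(csv.DictReader(io.StringIO(text)), start=1):
        if row.get("password"):
            markers[f"password of entry {i}"] = row["password"].encode()
    return markers


def find_plaintext_leaks(container_path, export_path):
    """Return the labels of markers found verbatim in the container.
    A properly AES-encrypted 7z/VeraCrypt container yields []; a ZipCrypto
    or 'store' archive leaks the content, and even an AES-256 ZIP leaks the
    file name because ZIP never encrypts its central directory."""
    with open(container_path, "rb") as fh:
        data = fh.read()
    return [label for label, needle in leak_markers(export_path).items()
            if needle in data]


def fingerprint(path):
    """SHA-256 of the container, stored with the backup so that a restore
    can detect a corrupted or tampered file before trusting it."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def shred(path, passes=2):
    """Overwrite the plaintext export in place with random bytes, then unlink.
    Caveat: on SSDs and on journaling or copy-on-write filesystems the old
    blocks can survive, so creating the export directly inside an encrypted
    volume is the reliable option; this is best-effort cleanup only."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(remaining, 1 << 16)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    os.remove(path)
    return not os.path.exists(path)


def make_demo_files():
    """Write the constructed export plus two stand-in containers to a temp
    dir: 'good' mimics real AES output (indistinguishable from random bytes),
    'bad' mimics an unencrypted/ZipCrypto ZIP that stores name and data."""
    work = tempfile.mkdtemp(prefix="pwbackup-")
    export = os.path.join(work, "export.csv")
    with open(export, "w", encoding="utf-8", newline="") as fh:
        fh.write(SAMPLE_EXPORT)
    good = os.path.join(work, "backup.7z")
    with open(good, "wb") as fh:
        fh.write(secrets.token_bytes(4096))
    bad = os.path.join(work, "backup.zip")
    with open(bad, "wb") as fh:
        fh.write(b"PK\x03\x04" + b"export.csv" + SAMPLE_EXPORT.encode())
    return export, good, bad


if __name__ == "__main__":
    export, good, bad = make_demo_files()
    print("leaks in AES container   :", find_plaintext_leaks(good, export))
    print("leaks in ZipCrypto/stored:", find_plaintext_leaks(bad, export))
    print("sha256 to keep with backup:", fingerprint(good))
    print("plaintext export removed :", shred(export))
```

Run the leak check against the real container you produced, with the real export path, before the export is shredded; if any label is reported, the container is not protecting the data and must be recreated with header (file-name) encryption and AES-256. Keep the fingerprint somewhere other than next to the container (a note in the safe, for instance) so that a tampered backup cannot simply ship a matching fingerprint.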
How often you back up should depend on how often you change passwords or add new credentials: monthly, quarterly or every six months. Also make a fresh backup immediately after a large change, such as rotating credentials after a breach, and verify that the new backup opens before discarding the old one.
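A way to decide whether the interval you picked is still right, as an added example (not from the article): compare the export you last backed up with a fresh export and report what a restore today would get wrong. Entries are keyed by URL and username and compared through a SHA-256 of the password, so the script never prints or retains a secret; the two sample exports and their column names are constructed assumptions.

```python
"""Backup freshness check for password-manager CSV exports.

Added example, not code from the article or any password manager.
Assumes CSV exports with 'url', 'username' and 'password' columns.
"""
import csv
import hashlib
import io

# Constructed sample exports: last quarter's backup and today's export.
OLD_BACKUP = (
    "name,url,username,password\n"
    "Bank,https://bank.example,alice,old-bank-pw-example\n"
    "Mail,https://mail.example,alice@example.com,mail-pw-example\n"
    "Forum,https://forum.example,alice,forum-pw-example\n"
)
CURRENT_EXPORT = (
    "name,url,username,password\n"
    "Bank,https://bank.example,alice,new-bank-pw-example\n"  # rotated since backup
    "Mail,https://mail.example,alice@example.com,mail-pw-example\n"
    "Cloud,https://cloud.example,alice,cloud-pw-example\n"  # added since backup
)


def index_export(csv_text):
    """Map (url, username) -> sha256 of the password, so two exports can be
    compared without handling the passwords beyond hashing them in memory."""
    index = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["url"].strip().lower(), row["username"].strip())
        index[key] = hashlib.sha256(row["password"].encode()).hexdigest()
    return index


def compare_backup(backup_csv, current_csv):
    """Report what restoring `backup_csv` today would get wrong:
    'missing'        - entries that exist now but are not in the backup,
    'changed'        - entries whose password changed since the backup,
    'only_in_backup' - entries you deleted that a restore would resurrect."""
    old, new = index_export(backup_csv), index_export(current_csv)
    return {
        "missing": sorted(k for k in new if k not in old),
        "changed": sorted(k for k in new if k in old and old[k] != new[k]),
        "only_in_backup": sorted(k for k in old if k not in new),
    }


def backup_is_due(report, tolerance=0):
    """True when more than `tolerance` current entries would be lost or wrong
    after a restore; zero tolerance means any drift triggers a new backup."""
    return len(report["missing"]) + len(report["changed"]) > tolerance


if __name__ == "__main__":
    report = compare_backup(OLD_BACKUP, CURRENT_EXPORT)
    for kind, keys in report.items():
        print(f"{kind:15}: {keys}")
    print("new backup due:", backup_is_due(report))
```

Because the comparison needs a plaintext export of the current vault, run it only in the same sitting as the backup itself and shred the export afterwards; if the "only_in_backup" list is long, the old backup should be destroyed rather than kept, since it resurrects credentials you deliberately retired.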
Password backup best practices for businesses and organisations
Enterprise password managers usually have a wide range of backup options. If the password manager is delivered as SaaS, backups are made in the cloud with appropriate redundancy and placement on different servers or even data centres.
For example, business subscriptions of our PassSecurium™ password manager offer all the benefits of cloud hosting, plus in-house backup options (the ability to export an encrypted/unencrypted backup file to a local machine) and an offline backup box (connects to the cloud only for backups, but stores data offline so that it is available on the local network in the event of a disaster).
The bottom line
In general, using a password manager is already a big step towards better security. If your password manager stores data in the cloud and keeps local copies on your devices that can be accessed offline, that is already a fairly reliable storage method. But no one can give you a 100% guarantee against data loss: cyber attacks happen every day, including against password manager providers.
We hope that the value of your data outweighs the hassle of backing it up. Stay cybersecure, and we're here to help you do it!
