aa9e70659a
* Staging: Vault Mgmt (#380) * Commit #1 - Updated Master Password article, and removed old versions (w/ redirects) - Repurposed Account Encryption Key Article - Moved Fingerprint Phrase article - Requisite re-ordering of security articles - Change "Account Mgmt" title to "Your Vault" - Slight change to "Import & Export" category title * - Managing Items - Favorites & Folders (+images) - Sync & Search (+images) - Import Export title change - Clarification re: Login v. Lock in "Field Guide to Two-step Login" - Clarifiation re: Org Invite Expiry in managing-users.md - New link to Acct. Encryption Key in encrypted-export.md * Commit #3 -Custom Fields - URIs (+ images) - File Attachments - VH Reports - Required re-ordering * Commit #4 -BWDC Login recommendation -VH Reports images - Added Two-step FAQs, Import FAQs - FAQ Nav Item depricated, targetting FAQs for each category are now the last article within respective categories * Commit #5 -Edit & move Account/Org Deletion Article -config.yml to re-order global nav -encrypted export update * General FAQs (preliminary edits) * Features > Misc. * return forgot-master-password.md & downstream order changes * delete account warning * fixed link
2.6 KiB
layout, title, categories, featured, popular, tags, order, redirect_from
| layout | title | categories | featured | popular | tags | order | redirect_from | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| article | Account Encryption Key |
|
false | false |
|
04 |
|
Each unique Bitwarden account has an encryption key derived from your Master Password, according to the methods defined in [Encryption]({% link _articles/security/what-encryption-is-used.md %}). This encryption key is used to encrypt all Vault data.
Rotate your Encryption Key
{% callout warning %} Rotating your encryption key is a potentially dangerous operation. Please read this section thoroughly to understand the full ramifications of doing so. {% endcallout %}
Rotating your account's encryption key generates a new encryption key that is used to re-encryption all Vault data. After rotating, you should quickly take the following actions to prevent data loss or corruption:
Log out of Client Applications
When you rotate an encryption key, you must immediately log out of any logged-in sessions on Bitwarden client applications (Desktop App, Browser Extension, Mobile App, etc). Logging out of client applications in this way will shut down sessions using the "stale" (prior-to-rotation) encryption key. After doing so, logging back in as normal will use the new encryption key.
Making changes in a session with a "stale" encryption key will cause data corruption that will make your data unrecoverable.
Re-download any Encrypted Exports
If you're using [Encrypted Exports]({% link _articles/importing/encrypted-export.md %}) to store long-term secure backups, you should immediately re-download the encrypted export of your Vault data using the new encryption key.
Encrypted Exports use your encryption key to encrypt and decrypt your Vault data, meaning that a rotated encryption key will not be able to decrypt an export created with the "stale" (prior-to-rotation) key.
How to Rotate your Encryption Key
Complete the following steps to rotate your account encryption key:
-
Log in to your Web Vault{:target="_blank"}.
-
Select Settings from the top navigation bar.
-
On the My Account page, locate the Change Master Password section.
-
Enter your Current Master Password and create/confirm a New Master Password.
{% callout success %}If you don't want to change your Master Password and only rotate your account encryption key, you can enter your current master password in the New fields to prevent it from changing.{% endcallout %}
-
Check the Also rotate my account's encryption key checkbox and accept the dialog.
-
Select the Change Master Password button.