Most folks set up a password manager, spend an afternoon migrating their logins across, and then consider the job done.
But if all you’ve got in there is passwords, you’re only using half of what the tool actually is. That’s because your password manager isn’t just a password list; it’s one of the most secure forms of storage most people have access to. That’s why the most important file in your password manager doesn’t have to be the passwords. What should actually be living in there is everything that gets you back into your accounts when passwords stop working.
Your password manager is a vault, not a spreadsheet
Load your vault with treasure
Part of the reason most folks use a password manager more akin to a spreadsheet is a throwback to how they worked in the early days. They very much felt like an Excel document with some useful security features thrown on top.
But the technology has come a long way since then, and most password managers have additional features and security specifically designed to work as a secure vault rather than a straight-up list of usernames and passwords.
Nearly all password managers worth their salt use zero-knowledge encryption. That means the provider can’t read your data even if they wanted to. Your vault is locked behind a master password that, ideally, exists nowhere else. For true security, committing that master password to your memory as its only location is the best method, but I’d understand if you kept a sneaky backup written down at home.
As I always say, if someone is standing at your desk stealing your passwords, you’ve got a whole bunch of other problems.
- OS
-
Cross-platform
- Developer
-
Bitwarden
- Price model
-
Free, Premium available
- Services
-
Password manager, password generator, secure file sending, credential management, etc.
What should actually be in there?
The stuff you’ll be glad to have when everything goes wrong
On that, the real question isn’t “What passwords should I store here?” because the answer is “All of them.” The question is “What else should I store in my secure vault?” And the answer for most folks is, actually, quite a bit.
Primary email backup codes
Your email account is the master key to everything else online. Forget a password anywhere? Reset link goes to email. Get locked out of a service? Recovery goes to email. But if you lose access to that primary email address without a proper backup in place? Man, you’re in for a bad time.
Most email providers let you generate backup codes for exactly this reason. They’re basically one-time-use codes that get you into your account even if your password and 2FA are both unavailable. Keeping this file in your secure password manager vault is a great option.
2FA backup codes for critical accounts
Similar to your email accounts, but for the other accounts. As said, many accounts are recoverable through your email address. But in some cases, losing access to your 2FA, either by SMS or an authenticator app, means you wave goodbye to that account. I’ve seen firsthand with MakeUseOf staff over the years, suddenly finding an impassable wall of security through this exact problem, and it’s not fun.
In this case, you generate the secure backup codes during account setup, then put them straight into your password manager vault, and hope you never need them.
Account recovery information
Now, we’re still talking about account recovery, but this time, it’s security questions. The thing with security questions is that for them to be secure, you can’t answer them accurately.
If you do, you’re opening yourself up to social engineering and other phishing attacks, where your information can be found online. So, when the question, “Where were you born?” appears as a security prompt, someone could find your social media account and surmise you were born in, say, Maine. But the actual answer for your security prompt is “noneofyourbusinessguy12345!”.
It’s an extra layer of security for your accounts, but that layer also needs more management, which is exactly why you need the password manager vault.
Other non-password credentials
If you use any services that require private encryption keys, SSH keys, and similar, your password manager vault is just the ticket. Private keys are similar in functionality to passwords, and losing them can have catastrophic consequences depending on the service.
Storing them in your vault means they travel with everything else, and as most support secure file attachments and large text notes, you can add almost any data you need.
Driving license, passport, and similar scans
Something else your password manager’s secure document vault can store is specific document scans. For example, if you need to keep a copy of your driving license secure, you can scan it and upload it to your vault. It’s a similar story for insurance documents, medical cards, and so on.
Software license keys
I’m throwing this one in because software keys are still a thing, and if you use them, you should keep them safe. In that, the password manager vault is perfect.
In most cases these days, your software keys are tied to an email account or similar, and even sometimes your hardware, so this is less relevant than a few years ago. Still, losing a license key is really quite irritating, so use your password manager if you need to keep them secure.
Your password vault is the most secure storage you’re not using
Passwords are important to keep locked up, that we know. It’s all the other stuff that falls to the side: the backup codes, the recovery keys, the credentials that don’t quite fit the username/password format, and so on.
So, here’s a quick test. Open your password manager right now and search for “backup.” If nothing comes up, you’ve got some work to do.
Self-hosting your password vault eliminates the one breach that could lock you out of everything
The password manager breach that won’t lock you out.

