Password managers are one of those tools that seem nauseating at first, but become indispensable once you start using them. The idea of having a single place to store all your passwords may feel risky, but the reality is that it’s far safer than the alternative. Here’s why you should use one, and how to get the most out of it.

Why You Need a Password Manager

The core of good online safety is not making things easy for the bad guys. Weak passwords, reused passwords, and the sticky notes stuck to your monitor all make their job easier. A password manager changes that.

Unique Passwords

A password manager allows you to generate and store unique passwords for every site you use. This is crucial because if one site gets hacked and you've reused the same password elsewhere, you're in trouble. So when the website you’re using is inevitably hacked, you know that password can’t be used against you. With a password manager, you only need to remember one strong master password—the rest are taken care of. Is your password exposed? Check at Have I Been Pwned (and nowhere else).

Stronger Passwords

People are terrible at creating good passwords. “Kidsname08” or “Business2024” might be easy to remember but also easy to guess. Password managers generate complex, random passwords that are virtually uncrackable. And since you don’t have to remember them, you can afford to make them as complex as the sites allow.

Convenience

Imagine never having to click “forgot password” again. Or fight with the browser auto-fill. Or check your “passwords” Excel file. With a password manager, logging into websites becomes a one-click affair. This is not just a convenience; it reduces the friction that might otherwise lead you to use weaker passwords.

Getting Started with a Password Manager

Choosing the Right One

There are many password managers out there, and while they all serve the same basic function, some are better than others. Look for one from a reputable company and that is easy to use. Two popular ones are 1Password and Bitwarden. We often recommend Bitwarden since it’s free for personal use. If you’d like to dive in deeper, check out the Wirecutter reviews, which do a great job outlining each.

Setting It Up

1. Install the Software: Download and install the password manager on your devices. We recommend the browser extension and the mobile app.
2. Create a Master Password: This is the one password you need to remember. Make it a unique passphrase— multiple words, with numbers and symbols—and don’t reuse a password from any other site. You’ll only type this occasionally when you restart your browser or computer. Make sure to remember it (it’s okay to print it out and save it in a safe place).
3. Import Your Passwords: Many managers can import passwords from your browser or other password managers. If you’ve been using the same password for multiple sites, change those passwords to unique ones generated by the manager. Over the next few days, as you normally log in to services, add accounts to Bitwarden - and if you’ve saved passwords elsewhere, begin removing those.

Using It Day-to-Day

The password manager is similar to a semi-intelligent filing cabinet. When you go to a site, the manager automatically looks up the website you’re on and gives you a list of saved accounts for the site, allowing you to select and auto-fill the saved credentials.

And while it is intelligent, it’s not foolproof or integrated into the websites it is saving passwords for. Like if you stored your tax returns in a filing cabinet without filing them to the IRS.

1. Add New Accounts: Whenever you create a new account, use the password manager to generate a strong password and save it. This habit will keep your accounts secure from the start.
2. Update Old Passwords: Gradually update your existing accounts with strong, unique passwords. Start with the most critical ones, like your email, important work-related sites, and banking accounts.
3. Enable Two-Factor Authentication (2FA): Remember the all-eggs-in-one-basket concern? Add an extra layer of security by requiring a second form of verification. This usually consists of providing your phone number or installing an Authenticator app. Bitwarden instructions are here. 1Password instructions are here. We think this is essential.

Common Concerns

What if the Password Manager Gets Hacked?

Reputable password managers use strong encryption and controls to protect your data. Even if their servers were compromised, the attackers won’t be able to access your passwords without your master password. This means your master password should be robust - remember: multiple words, with numbers and special characters. Furthermore, most of them employ zero-knowledge architecture, meaning they don’t have access to your master password or the data it decrypts. But there is precedent for hacked password management companies, like LastPass.

What if I Forget My Master Password?

This is a valid concern. Most password managers have limited recovery options since they’re designed to be highly secure so that no one can “pretend” to forget your password and take over your account. The key is to remember and store your password and two-step verification codes in a secure place. Printing and storing them safely is acceptable for most people.

Isn’t This Just Adding Another Layer of Complexity?

Initially, it might seem like adding another step to your login process, but once you’re set-up, it actually simplifies things. No more password resets, no more struggling to remember complex passwords, and logging in becomes a breeze.

Using a password manager to create and use strong passwords is one of the simplest and most effective ways to improve your online security.

It reduces the risk of password breaches (since passwords are unique), saves you time (no more thinking up passwords or remembering them), and makes your digital life much more manageable (a free assistant does the heavy lifting).

Don’t wait for a security scare to start using one—make the switch and enjoy the peace of mind that comes with knowing your accounts are secure.

‍