How to Use a Password Manager

Beginner Time: 30 minutes Category: Account Security

A password manager stores and generates strong, unique passwords for every account you have. Instead of remembering dozens of passwords, you only need to remember one master password. This eliminates the biggest vulnerability most people have: reusing the same password across multiple sites.

Why This Matters

According to Verizon's Data Breach Investigations Report, over 80% of hacking-related breaches involve stolen or weak passwords. The average person has over 100 online accounts, and studies show that most people reuse the same handful of passwords across them. When one site gets breached, attackers use automated tools to try those credentials on hundreds of other sites within minutes, a technique called credential stuffing. A password manager eliminates this risk entirely by generating a unique, random password for every account.

Step-by-Step Instructions

  1. Choose a password manager. Top recommendations are 1Password (paid, excellent family plan), Bitwarden (free tier available, open-source), or Proton Pass (free tier, privacy-focused). All three work across Windows, Mac, iOS, and Android.
  2. Create your account and set a strong master password. This should be a long passphrase of 4-6 random words, like "correct horse battery staple violin moon." This is the one password you need to memorize. Do not reuse any existing password for this.
  3. Install the browser extension for your chosen manager (available for Chrome, Firefox, Safari, Edge) and the mobile app on your phone. The browser extension will auto-detect login forms and offer to save or fill passwords.
  4. Start by adding your most critical accounts: email, banking, and social media. Log in to each site, and when prompted by the browser extension, save the credentials. Then immediately use the password manager's generator to create a new, strong, random password and update it on the site.
  5. Work through your remaining accounts over the next few days. Check your browser's saved passwords (Chrome: Settings > Passwords, Firefox: Settings > Passwords) and import them into your password manager, then delete them from the browser.
  6. Enable 2FA on your password manager account itself. This is critical. Use an authenticator app, not SMS.
  7. Save your password manager's emergency kit or recovery codes in a secure physical location (like a safe or safety deposit box). This is your backup if you forget your master password.

Common Mistakes to Avoid

  • Using a weak master password: Your master password protects everything. Use a long passphrase, not a short or predictable password.
  • Not installing the browser extension: The browser extension is what makes a password manager convenient. Without it, you end up copying and pasting passwords manually, and you will stop using it.
  • Keeping old passwords in your browser: After migrating to a password manager, delete saved passwords from your browser and disable the browser's built-in password saving feature.
  • Sharing your master password: Never share your master password with anyone. Password managers have built-in secure sharing features for sharing individual passwords with family members.
  • Not having a backup plan: If you lose access to your master password with no recovery method, you lose access to everything. Print and securely store your recovery kit.

Additional Tips

  • Use your password manager's password generator to create passwords of at least 20 random characters for every site.
  • Take advantage of secure notes to store other sensitive information like software license keys, Wi-Fi passwords, and security questions.
  • If you have a family, consider a family plan. 1Password and Bitwarden both offer family plans that let you share specific passwords (like streaming logins) while keeping personal accounts private.

Last updated: February 10, 2026