The Complete Guide to Password Managers: Bitwarden, KeePass, and 1Password


The average person has over 100 online accounts. If you’re reusing passwords across them — and most people do — a single data breach can compromise everything. A password manager solves this by generating and storing unique, strong passwords for every account, locked behind one master password.

Why You Need a Password Manager

  • You can’t remember 100+ unique passwords — So you reuse them, which is the #1 cause of account takeovers
  • Data breaches are constant — Check haveibeenpwned.com to see if your credentials have leaked
  • Strong passwords matter: J8k#mP2$vL9@nQ is far more secure than MyDog2024!
  • Auto-fill prevents phishing — A password manager won’t fill credentials on fake lookalike sites
  • Secure sharing — Share passwords with family or team members without revealing them in plain text

Choosing a Password Manager

| Feature | Bitwarden | KeePass | 1Password |
|---|---|---|---|
| Price | Free (Premium $10/yr) | Free | $36/year |
| Open Source | Yes | Yes | No |
| Cloud Sync | Built-in | Manual/plugins | Built-in |
| Self-Hosting | Yes (Vaultwarden) | N/A (local file) | No |
| Browser Extension | Yes | Via plugins | Yes |
| Mobile Apps | iOS, Android | KeePassDX (Android), Strongbox (iOS) | iOS, Android |
| 2FA/TOTP | Premium feature | Via plugins | Built-in |
| Family Sharing | $40/year (6 users) | Manual file sharing | $60/year (5 users) |
| Best For | Most users | Privacy maximalists | Apple ecosystem |

Recommendation: Start with Bitwarden — it’s free, open source, and works everywhere. If you want full offline control, use KeePass.

Setting Up Bitwarden

Create an Account

  1. Go to bitwarden.com
  2. Click Get Started → Create Account
  3. Choose a strong master password — this is the only password you need to remember
    • Minimum 12 characters
    • Use a passphrase like correct-horse-battery-staple (4+ random words)
    • Never reuse your master password anywhere else

Install Everywhere

Bitwarden works across all platforms:

Import Existing Passwords

If you have passwords saved in Chrome, Firefox, or another manager:

  1. Export from Chrome: Settings → Passwords → ⋮ → Export passwords (saves as CSV)
  2. Import to Bitwarden: Web vault → Tools → Import Data → Select format → Upload file
  3. Delete the exported CSV immediately — it contains all your passwords in plain text

Generate Strong Passwords

When creating new accounts or updating old ones:

  1. Click the Bitwarden browser extension
  2. Click Generator
  3. Configure:
    • Password length: 20+ characters
    • Include uppercase, lowercase, numbers, special characters
    • Or use a passphrase (4+ random words)
  4. Copy and save

Organize with Folders

Create folders to organize your vault:

  • Social Media
  • Financial
  • Work
  • Shopping
  • Development

Enable Two-Factor Authentication

Protect your Bitwarden account itself with 2FA:

  1. Go to Web Vault → Settings → Security → Two-step Login
  2. Choose a method:
    • Authenticator App (recommended) — Use Authy or Google Authenticator
    • Email — Sends a code to your email
    • YubiKey (Premium) — Hardware security key

Self-Hosting Bitwarden with Vaultwarden

If you want complete control over your password data, self-host using Vaultwarden (a lightweight Bitwarden-compatible server):

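# Publish the container port on localhost only, so the plain-HTTP listener is
# reachable solely through the reverse proxy (assumes Nginx runs on this host).
# Replace the ADMIN_TOKEN placeholder with a long random value,
# for example the output of: openssl rand -base64 48
docker run -d \
  --name vaultwarden \
  --restart unless-stopped \
  -v /opt/vaultwarden/data:/data \
  -p 127.0.0.1:8080:80 \
  -e SIGNUPS_ALLOWED=false \
  -e ADMIN_TOKEN=your-long-random-admin-token \
  vaultwarden/server:latest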

Put it behind Nginx with SSL (see our Nginx reverse proxy guide), then point your Bitwarden apps to your custom server URL.

Important: If you self-host, you’re responsible for backups. Set up automated backups of the /data directory.
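
One way to back up the data directory while the server is running, shown as an added example that is not part of the original guide or the Vaultwarden project. A plain file copy of a live SQLite database can capture a half-written state, so the script uses SQLite's online backup API for the database and copies everything else as-is. Assumptions: the database file is named db.sqlite3 (Vaultwarden's default SQLite filename), and /opt/vaultwarden/backups is a hypothetical destination.

```python
import shutil
import sqlite3
import tarfile
import tempfile
import time
from pathlib import Path


def backup_data_dir(data_dir, backup_dir, db_name="db.sqlite3"):
    """Write a timestamped .tar.gz of data_dir containing a consistent DB snapshot."""
    data_dir, backup_dir = Path(data_dir), Path(backup_dir)
    backup_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    archive = backup_dir / time.strftime("vaultwarden-%Y%m%d-%H%M%S.tar.gz")

    with tempfile.TemporaryDirectory() as tmp:
        stage = Path(tmp) / "data"
        # Copy attachments, keys and config, but skip the live database and
        # its -wal/-shm side files: those are only safe to read via SQLite.
        shutil.copytree(data_dir, stage,
                        ignore=shutil.ignore_patterns(db_name + "*"))

        src = sqlite3.connect(str(data_dir / db_name))
        dst = sqlite3.connect(str(stage / db_name))
        try:
            src.backup(dst)  # online backup: consistent even during writes
            result = dst.execute("PRAGMA integrity_check").fetchone()[0]
        finally:
            dst.close()
            src.close()
        if result != "ok":
            raise RuntimeError(f"backup failed integrity check: {result}")

        with tarfile.open(archive, "w:gz") as tar:
            tar.add(stage, arcname="data")

    archive.chmod(0o600)  # the archive holds the vault and the server's keys
    return archive


if __name__ == "__main__":
    # Data path from the docker command above; backup path is hypothetical.
    print(backup_data_dir("/opt/vaultwarden/data", "/opt/vaultwarden/backups"))
```

Run it from cron or a systemd timer, then copy the resulting archive off the host; a backup that lives only on the same disk does not survive losing that disk.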

Setting Up KeePass (Offline)

KeePass stores your passwords in an encrypted .kdbx file locally — no cloud, no accounts, complete privacy.

Install KeePassXC

KeePassXC is the modern, cross-platform version:

# macOS
brew install --cask keepassxc

# Ubuntu/Debian
sudo apt install keepassxc

# Windows — download from keepassxc.org

Create a Database

  1. Open KeePassXC → Create New Database
  2. Set database name
  3. Choose encryption settings (defaults are secure)
  4. Set a strong master password
  5. Optionally add a key file for extra security (store on a USB drive)
  6. Save the .kdbx file

Sync Across Devices

Since KeePass is a local file, you need to sync it yourself:

  • Syncthing (recommended) — Free, peer-to-peer sync: syncthing.net
  • Cloud storage — Dropbox, Google Drive, OneDrive (the file is encrypted, so this is reasonably safe)
  • USB drive — Manual but most secure

Mobile Apps

Password Best Practices

Strong Master Password

Your master password is the most important password you have. Make it:

  • At least 14 characters (20+ is better)
  • A passphrase: timber-galaxy-frozen-pencil-17 is strong and memorable
  • Unique — Never used anywhere else
  • Memorable — You should never need to write it down

For Individual Passwords

  • 20+ characters for important accounts (banking, email)
  • 14+ characters for everything else
  • Let the password manager generate them — never make them up yourself
  • Never reuse a password across sites

Enable 2FA Everywhere

Two-factor authentication adds a second layer of security. Enable it on:

  1. Email accounts (Gmail, Outlook) — Most critical, since email resets other passwords
  2. Financial accounts (banking, crypto)
  3. Social media (Twitter, Instagram, Facebook)
  4. Cloud storage (Google Drive, Dropbox)
  5. Developer accounts (GitHub, AWS, hosting providers)

2FA methods ranked by security:

  1. 🔑 Hardware key (YubiKey) — Best
  2. 📱 Authenticator app (Authy, Google Authenticator) — Great
  3. 📧 Email codes — Good
  4. 📲 SMS codes — Avoid if possible (vulnerable to SIM swapping)

Emergency Access

Plan for what happens if you can’t access your vault:

  • Bitwarden: Set up Emergency Access (Settings → Emergency Access) — a trusted contact can request access after a waiting period
  • KeePass: Store a backup of the .kdbx file and master password in a physical safe
  • Recovery codes: When you set up 2FA, save recovery codes in a secure physical location

Migrating from Browser Saved Passwords

  1. Export passwords from your browser (Chrome: chrome://password-manager/settings → Export)
  2. Import into your password manager
  3. Delete the export file securely
  4. Turn off the browser’s built-in password manager:
    • Chrome: Settings → Passwords → “Offer to save passwords” → Off
    • Firefox: Settings → Privacy → Logins and Passwords → Uncheck all
  5. Review and update weak/reused passwords over time — most managers flag these

Checking for Compromised Passwords

Bitwarden

Go to Tools → Vault Health Reports (requires Premium):

  • Exposed Passwords Report — Checks against known data breaches
  • Reused Passwords Report
  • Weak Passwords Report

HaveIBeenPwned

Check manually at haveibeenpwned.com:

  • Enter your email to see which breaches it appeared in
  • Enter a password hash to check if it’s been exposed
  • Sign up for notifications about future breaches

Conclusion

A password manager is the single most impactful thing you can do for your online security. It takes about 30 minutes to set up, and then every account you have becomes significantly more secure. Start with Bitwarden — it’s free, open source, and works on every device. Import your existing passwords, then gradually update weak and reused ones. Your future self will thank you the next time a data breach makes the news.