Critical | 20 min | 6 platforms | Last reviewed 2026-06-01

How to set up a password manager

Why this matters

Reused passwords are the #1 cause of account takeover. When any site you’ve used gets breached — and dozens do every year — attackers immediately try the leaked email/password combos on banks, email providers, and social platforms. This is called credential stuffing, and it works because most people reuse passwords.

A password manager generates and stores a unique random password for every site, so a breach of one site can’t cascade to others. It also makes phishing attacks against that password useless, because the manager auto-fills only on the real domain.

The friction of memorizing dozens of unique passwords is what made reuse universal. A password manager removes that friction entirely.

How to do it

  1. Install Bitwarden on your computer and your phone. Why Bitwarden: free, open-source, independently audited, works on every platform and browser. Alternatives: 1Password if you want a more polished UI and will pay $3/month; KeePassXC if you want fully offline storage.
  2. Create a strong master password — use a 5-word passphrase you can remember (e.g. correct-horse-battery-staple-pizza). This is the one password you must never forget. Write it down on paper and store it somewhere safe at home.
  3. Enable biometric unlock (Face ID / Touch ID / fingerprint) on your phone for daily use.
  4. Install the browser extension on your computer. It auto-fills logins and warns when a site’s credentials have been in a breach.
  5. Over the next month, replace existing passwords as you log into each site. Start with email and banking: those are the highest-value accounts.
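
For step 2, a passphrase is only as strong as the randomness behind its words, so the words should be drawn by a random generator rather than picked by hand. The following is an added example, not part of the original guide or of Bitwarden: it draws five words with the operating system's secure random source and reports the resulting entropy. The sample word list, the function names and the 60-bit threshold used when testing it are assumptions for illustration.

```python
import math
import secrets

# Constructed 32-word sample so the example runs offline. Far too small for
# real use: substitute a large published list (the EFF long list has 7,776 words).
SAMPLE_WORDS = """apple brick cloud delta ember flint grape harbor island jelly
kettle lemon maple noble ocean pixel quartz river stone tiger umbra velvet
walnut xenon yacht zebra anchor button candle dragon falcon garden""".split()


def entropy_bits(wordlist_size: int, num_words: int) -> float:
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return num_words * math.log2(wordlist_size)


def words_needed(wordlist_size: int, target_bits: float) -> int:
    """Smallest word count that reaches target_bits for a given list size."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(wordlist, num_words=5, separator="-", min_bits=0.0):
    """Return (passphrase, entropy_bits); refuse lists too small for min_bits."""
    # Deduplicate: repeated entries would make the entropy estimate too high.
    words = sorted({w.strip().lower() for w in wordlist if w.strip()})
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    bits = entropy_bits(len(words), num_words)
    if bits < min_bits:
        raise ValueError(
            f"{num_words} words from {len(words)} give {bits:.1f} bits; "
            f"need {words_needed(len(words), min_bits)} words for {min_bits} bits"
        )
    # secrets uses the OS CSPRNG; the random module is not suitable here.
    phrase = separator.join(secrets.choice(words) for _ in range(num_words))
    return phrase, bits


if __name__ == "__main__":
    phrase, bits = generate_passphrase(SAMPLE_WORDS)
    print(f"sample-list passphrase: {phrase} ({bits:.1f} bits, demo only)")
    print(f"5 words from a 7,776-word list: {entropy_bits(7776, 5):.1f} bits")
```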

What you don’t need

You don’t need to pay for LastPass or Dashlane. You don’t need to migrate everything in one sitting — replacing passwords gradually as you log in is the right approach.

Verify it worked

Open the app and successfully log in with your master password.

Frequently asked questions

Is Bitwarden actually free?

Yes. The free tier covers unlimited passwords on unlimited devices. The paid tier ($10/year) adds encrypted file storage and emergency access — useful but not essential.

Is my browser's built-in password manager good enough?

It's better than reusing passwords, but a dedicated manager works across browsers and phones, has better breach detection, and isn't tied to one vendor.

What if I forget my master password?

There's no recovery without your master password or a pre-configured emergency contact. Write it on paper and store it somewhere safe at home.
