Manage Your Passwords

In an ideal future, we won’t need passwords at all! But while we do, let’s manage them better.

I’m kind of excited about this post since I’m a huge proponent of password managers. Once again, we’re switching lanes a little bit and talking about security with just a hint of privacy. Let’s get right to it!

Photo by regularguy.eth on Unsplash

What am I suggesting and why?

Download a password manager and use it properly. We’ll walk through what a password manager is, how it can help protect your accounts, and best practices for using one.

Duration: 30 minutes — several hours, depending on how much you want to set up at one time.
Ease: Medium — take your time with it, it’s a lot to wrap your brain around at first, but it gets easier the more you use it!
Cost: Free

What is a password manager?

As the name suggests, it manages your passwords! You should have a unique password for each of your accounts, but remembering a billion passwords isn’t possible.

Best practices for passwords also suggest they should include upper and lower case, special characters, etc. There’s just no way to keep all of that in your brain, so most people default to 1–2 password combinations that they use across many accounts.

The problem is, of course, if one username or email and password combination is leaked, this could wreak havoc on any other accounts using the same combo.

A password manager can generate unique passwords for all of your accounts, and give you access to your login credentials with a click or tap. All you need to remember is one very, very good password. And don’t forget that password.

My web browser saves my passwords, isn’t that enough?

Absolutely not. Your web browser is not a secure place to house your passwords. For one, they’re easily broken into. For another, your passwords aren’t typically password protected (there are a few exceptions, but it’s still very easy to get past). Basically, if someone has access to your computer, they also have access to all your passwords. No bueno.

Bitwarden doesn’t know what your passwords are. They’re encrypted, and only when you enter your master password is your vault decrypted for you to access it. No one without your master password can ever decrypt your passwords. Don’t ever use your master password for any other account, and don’t lose it.

You in? Let’s get started…

First off, we need to get you a password manager. I recommend Bitwarden, it’s my go-to these days since I’ve had mediocre experiences with 1Password, and LastPass (my old fave) is now paid if you want to use it on more than one device (which you will, trust me).

1: Start Using Bitwarden

1. Sign up for a Bitwarden account. Please note: When you are creating your Bitwarden password, make sure it is a completely unique and secure password, and don’t forget it! You should never, ever use your Bitwarden password on any other account that you create or reuse a password you’ve used on any other account as your Bitwarden master password.
2. Download the Bitwarden extension for your web browser.
3. Start saving your passwords to Bitwarden as you log into your accounts!

If you saved your passwords in your web browser previously, it’s possible to import those into Bitwarden. It’s easiest from Chrome/Brave, Firefox, and Safari/MacOS (instructions for each linked).

For everyone else (or if you just want to go with a slow transition), just start logging into your accounts like usual, and Bitwarden will ask if you want to save your password to Bitwarden. Say yes!

2: Turn Off Your Browser’s Password Saver

Now we want to stop our own web browser from asking us to save passwords. We only want to save them in Bitwarden from now on.

I’m not going to walk through all the different browser instructions since Bitwarden has a great walkthrough for many browsers already.

3: Delete Saved Passwords from Your Browser (with a Caveat)

Only delete these after you’re absolutely sure you’ve got all your passwords saved in Bitwarden. If you exported them and then imported them to Bitwarden, go for it. If you’re playing the long game and only saving passwords as you go, don’t delete these yet or you may have a tough time accessing your accounts.

4: Generate Passwords From Now On

1. Anytime you sign up for a new account, open your Bitwarden extension (I suggest pinning it to your browser toolbar), and click “Generator” at the bottom. Let Bitwarden create a password for you!
2. Copy the generated password, and paste it into the password fields when you create a new account.
3. Once you finish creating the account, Bitwarden will ask if you want to save the login, and of course, say yes!

5: Start Changing Your Insecure Passwords

You can see how secure your passwords are using Bitwarden’s reports function.

1. Visit https://vault.bitwarden.com/#/reports.
2. You should look at all the reports, but focus particularly on the first three (Exposed Passwords, Reused Passwords, and Weak Passwords).
3. Change passwords that have been exposed, reused, or are considered ‘weak’ (meaning they’d be easy to figure out).

Prioritize changing any passwords that show up in the “Exposed Passwords” report. These are already compromised and need to go immediately!

For the rest, take your time! It’s hard to do it all at once, but if you know you’ve got a password you reuse often, it’s a good idea to start changing those passwords as you log into those accounts. I’ve been using password managers for years, and I still have a good handful of weak and reused passwords. No one is perfect, just do your best!

We’ve covered your web browser, but what about your phone?

Still pretty easy! Download the Bitwarden app for iOS or Android!

Both iOS and Android also allow Bitwarden to auto-fill your account information when you try to log in somewhere.

Auto-Fill Passwords For Android

1. Open your Bitwarden Android app and tap the  Settings tab.
2. Tap the Auto-fill Services option.
3. Toggle the Auto-fill Service option. You’ll be automatically redirected to an Android Settings screen.
4. From the Auto-fill Service list, tap Bitwarden.
5. Confirm you trust Bitwarden.

See detailed instructions.

Auto-Fill Passwords for iOS

1. Open the iOS Settings app on your device.
2. Tap Passwords.
3. Tap AutoFill Passwords.
4. Toggle AutoFill Passwords on and tap Bitwarden in the Allow Filling From list.

See detailed instructions.

Dig Deeper

Passwords aren’t the only things you can store in your vault. There’s also an option to save secure notes, so if there are other important or private notes you need saved, I’d recommend putting them in your vault as well.

One good use for this is when you use 2-Factor Authentication (which you should!), you may get a list of codes that you need to store in case you aren’t able to use a different method of authentication. I store these right in my password manager for safe keeping.

You can also store things like credit card numbers, addresses, social security numbers, etc. Just be sure whenever you put all your eggs in one basket that that basket is securely locked.

Learn More

• “The Best Password Managers to Secure Your Digital Life” Wired
• “The Best Password Managers” NYTimes
• “Are Password Managers Safe?” Forbes