How to Set Up a Password Manager (and Why I Wish I'd Done It Years Ago)
I reused the same three passwords across everything until a website I’d forgotten about got breached, and suddenly someone was trying my email password on every site they could think of. Nothing catastrophic happened, but it scared me into fixing it properly. A password manager took one afternoon to set up and removed an entire category of worry. Here’s the no-jargon version.
What a password manager actually does
It’s a locked vault for all your logins. You remember one strong master password. It remembers everything else — and generates a different, random, ridiculous password for every single site. When you visit a site, it fills the login in for you.
So if one site gets breached, that password is useless anywhere else, because you never reused it. That’s the whole magic.
Step 1: Pick one
You don’t need to overthink this. Good options:
- Bitwarden — free tier is genuinely enough for most people, open-source, works everywhere. This is what I’d start with.
- 1Password — paid, but polished and great for families. Worth it if you want the smoothest experience.
- Your browser’s built-in one — better than reusing passwords, but weaker than a real manager and locks you into one browser.
Start with Bitwarden if you’re unsure. Free, and you can always move later.
Step 2: Create a master password you can actually remember
This is the one password protecting everything, so it has to be strong and memorable. Don’t use a single word. Use a passphrase — four random words strung together with a number, like correct-horse-battery-staple-47. Long and weird beats short and complex.
Write it down on paper and keep it somewhere safe at home until it’s in your memory. If you forget the master password, nobody — not even the company — can recover your vault. That’s the point, but it means don’t lose it.
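To put numbers on "long and weird beats short and complex", here is an added example (not part of the original post) that builds a passphrase in the Step 2 format and compares its strength in bits with a short random password. The tiny word list is constructed for the demo, and the 7,776-word list size used in the comparison is an assumption (it is the size of the EFF long word list).

```python
import math
import secrets

# Constructed demo list, far too small for real use. A real generator
# draws from a large list (assumption: 7,776 words, as in the EFF long list).
DEMO_WORDS = [
    "anchor", "biscuit", "candle", "dolphin", "ember", "fiddle",
    "glacier", "harbor", "igloo", "jigsaw", "kettle", "lantern",
    "meadow", "nickel", "orchid", "pebble",
]


def make_passphrase(words, n_words=4, sep="-"):
    """Return n_words random words plus a two-digit number, e.g. a-b-c-d-47.

    The words must be picked by a cryptographic RNG. Words a person chooses
    "at random" are predictable, and the estimates below do not apply to them.
    """
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    chosen = [secrets.choice(words) for _ in range(n_words)]
    return sep.join(chosen + [f"{secrets.randbelow(100):02d}"])


def passphrase_bits(list_size, n_words=4, number_range=100):
    """Entropy in bits when an attacker knows the list and the format."""
    return n_words * math.log2(list_size) + math.log2(number_range)


def random_password_bits(length, alphabet_size=94):
    """Entropy in bits of a fully random password over printable ASCII."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("demo passphrase:", make_passphrase(DEMO_WORDS))
    print(f"4 words from 7,776 + number: {passphrase_bits(7776):.1f} bits")
    print(f"8 random characters:         {random_password_bits(8):.1f} bits")
    print(f"same format, 16-word list:   {passphrase_bits(16):.1f} bits")
```

The last line shows why the list size matters: the same four-word format drawn from only 16 words is weak, so the strength comes from the size of the list and the random selection, not from the words looking unusual.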
Step 3: Install it everywhere you log in
Add the browser extension on your computer and the app on your phone. This is what makes it painless — it auto-fills logins so you’re not copy-pasting. If it’s annoying to use, you’ll stop using it, so set up the convenience parts now.
Step 4: Replace your worst passwords first, over time
Don’t try to change all 200 passwords in one sitting. You’ll burn out. Instead:
- Change your email password first — it’s the master key to everything else, because every “reset password” link goes there.
- Then your bank and finances.
- Then anything with your card saved — shopping sites, etc.
- Everything else, change it lazily as you log in over the coming weeks.
Each time, let the manager generate a random password and save it. You never have to see or type it.
Step 5: Turn on two-factor while you’re at it
For your email and bank especially, switch on two-factor authentication (2FA). Even if someone gets the password, they can’t get in without the second code. Belt and suspenders, and most managers can store the 2FA codes too.
That’s it. One afternoon, and you go from “one leak ruins my month” to “one leak is a shrug.” I genuinely can’t think of a better hour-for-safety trade in all of personal tech.
Frequently asked questions
Is it safe to keep all my passwords in one place? Yes — far safer than reusing a few passwords everywhere. The vault is encrypted, and one breach no longer cascades across every account.
What happens if I forget the master password? Nobody can recover it for you — that’s the point, but it means you must write it down somewhere safe until it’s memorized.
Free or paid manager? Bitwarden’s free tier is enough for most people. Start there; you can always move to a paid option like 1Password later.