
Password Managers

Roberto Lopez
Cybersecurity Professional

In today’s digital world, just about every service requires a username and password. If you’re like most people, you probably reuse the same email and a few familiar passwords across accounts. Sound familiar? I’ll admit, I think we’re all guilty of this as it’s hard to come up with passwords on the fly and a lot easier to simply reuse the same password for everything. But this VERY COMMON habit opens the door to significant risks. In this post, we’ll dive into why password managers are essential, the problems they solve, and how you can get started using one without sacrificing convenience or security.

What is a Password Manager?

Let’s first address this question. In my line of work, one of my responsibilities during new-hire orientations is to address security tools and best practices, including the use of password managers. When I ask the group if they’ve ever used one, or even know what it is, it’s not uncommon for most people to shake their heads. And that’s okay; I enjoy educating, and password managers aren’t as widely recognized and used as they should be.

So, here’s my explanation: a password manager is a software program that securely stores, generates, and manages your passwords. It’s like a personal assistant for your digital life. To solve the old problem of reusing the same password for multiple accounts, we need to generate a new and unique password for each online account. So, instead of you coming up with and trying to remember dozens of unique passwords, the password manager does the heavy lifting: it creates strong, unique passwords for each of your accounts and stores them safely.

Some password managers go above and beyond by offering features like:

  • Secure notes for sensitive information
  • Encrypted sharing with trusted individuals
  • Password audits to help improve security (like scanning the dark web for any leaked data tied to your email address)
  • Reports that find security gaps in your online accounts
  • Seamless integration with browsers and mobile devices
  • Many more…

Why Should Everyone Use a Password Manager?

Data breaches are not a matter of if but when. According to the 2024 Verizon Data Breach Investigations Report (DBIR):

  • 74% of breaches involve the human element, including phishing, credential misuse, and errors.
  • 39% of breaches are tied to stolen or compromised credentials, making weak or reused passwords one of the most significant vulnerabilities.

Consider this: even if you think your one strong password is “secure,” if it’s reused across multiple accounts and gets compromised in a breach, every linked account becomes vulnerable. Using a password manager ensures that each account has a unique, strong password, drastically reducing this risk.

How to Choose a Password Manager?

The “best” password manager depends on your needs, but any password manager is better than none. You might find it a bit overwhelming trying to decide which password manager is right for you. Luckily, there are free and open-source password managers, as well as paid options. My recommendation is to google some of the top password managers in the current year, research their reputation, and start exploring. Many of the reputable password managers offer a free tier, which provides the basic functionality but limits some of the premium features you get from the paid version. That being said, here are some key features to look for when choosing a password manager:

1. End-to-End Encryption

Look for password managers with end-to-end encryption and a “zero-knowledge” architecture. This means only you can decrypt your data—neither the company nor hackers can access your vault. Note: if you forget your master password, it’s unrecoverable, so choose carefully and keep it safe.
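The zero-knowledge idea in miniature, as an added example that is not taken from Bitwarden or any other product: the key is derived from the master password on the device, and the server only ever holds the sealed blob. The function names and iteration count are assumptions for this sketch, and HMAC-SHA256 in counter mode stands in for a vetted cipher such as AES-GCM, which the Python standard library does not provide.

```python
import hashlib
import hmac
import secrets

KDF_ITERATIONS = 600_000  # work factor chosen for this example

def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Runs on the client only: stretch the password, then split the result."""
    root = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, KDF_ITERATIONS)
    enc_key = hmac.new(root, b"encrypt", hashlib.sha256).digest()
    mac_key = hmac.new(root, b"authenticate", hashlib.sha256).digest()
    return enc_key, mac_key

def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stand-in for a real cipher, see lead-in)."""
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal_vault(master_password: str, plaintext: bytes) -> dict:
    """Encrypt on the device; the returned blob is all the server ever stores."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}

def open_vault(master_password: str, blob: dict) -> bytes:
    """Decrypt on the device; fails closed on a wrong password or tampering."""
    enc_key, mac_key = derive_keys(master_password, blob["salt"])
    expected = hmac.new(mac_key, blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong master password or modified vault")
    stream = keystream(enc_key, blob["nonce"], len(blob["ciphertext"]))
    return bytes(c ^ k for c, k in zip(blob["ciphertext"], stream))

if __name__ == "__main__":
    # Constructed sample vault contents.
    stored = seal_vault("correct horse battery staple", b'{"example.com": "s3cret"}')
    print("server stores:", {name: value.hex() for name, value in stored.items()})
    print("owner reads:", open_vault("correct horse battery staple", stored))
    try:
        open_vault("guessed password", stored)
    except ValueError as err:
        print("anyone else:", err)
```

Nothing in the stored blob can be turned back into the key without the master password, which is also why a forgotten master password cannot be reset. Anyone holding the blob can still test guesses offline, so the slow key derivation and a strong master password both matter.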

2. Strong Password Generator

A good password manager should offer robust password generation. For instance, Bitwarden lets you customize password complexity or generate random passwords or passphrases effortlessly. You can set default values for future passwords, such as a minimum length of 25 characters and the inclusion of uppercase, lowercase, numbers, and special characters.
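What a generator with those settings does under the hood, as an added example that is not Bitwarden's code: it draws every character from the operating system's cryptographic random source and checks that all four classes are present. The special-character set, the function names and the tiny wordlist are assumptions constructed for this sketch.

```python
import math
import secrets
import string

# Character classes matching the options named above. The special-character
# set is an assumption for this example, not any product's exact list.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, "!@#$%^&*")

def generate_password(length: int = 25, classes=CLASSES) -> str:
    """Return a uniformly random password containing every character class."""
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable
        # and must not be used for credentials.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: redraw instead of patching characters in, so
        # every acceptable password stays equally likely.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

def generate_passphrase(wordlist, words: int = 5, separator: str = "-") -> str:
    """Return a passphrase of independently chosen words."""
    return separator.join(secrets.choice(wordlist) for _ in range(words))

def entropy_bits(pool_size: int, picks: int) -> float:
    """Upper bound on guessing entropy for `picks` uniform draws from a pool."""
    return picks * math.log2(pool_size)

# Constructed sample wordlist; a real one needs thousands of entries.
SAMPLE_WORDS = ["anchor", "birch", "copper", "delta", "ember", "fjord", "granite", "harbor"]

if __name__ == "__main__":
    print(generate_password())
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"25 chars from 70 symbols: {entropy_bits(70, 25):.0f} bits")
    print(f"5 words from 8-word sample: {entropy_bits(len(SAMPLE_WORDS), 5):.0f} bits")
```

The entropy figures show why passphrase strength depends on the size of the wordlist: five words from the eight-word sample are trivially guessable, while the same five words drawn from a list of several thousand are not.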


3. Cloud-Based vs. Local Vaults

  • Cloud-Based: Tools like LastPass or Bitwarden are cloud-based, meaning you can sync across multiple devices, offering convenience for multi-device users. However, this comes with online exposure, so a strong master password and proper security practices are critical.
  • Local: Tools like KeePass store data on your device (locally), eliminating online risks but requiring extra care to secure your physical device. Another drawback is that you won’t be able to sync across your devices. So when you save a password in your vault, you’ll have to manually copy the individual credentials or the entire database to another device.
  • There are use cases for both cloud-based and local vaults; the choice depends on your preference and convenience.

Why Bitwarden is My Choice

There are plenty of excellent password managers, including LastPass, 1Password, NordPass, and Keeper. But my favorite is Bitwarden, and here’s why:

  • Open-Source

    When something is open-source, it means that its code is publicly available. This allows transparency and ongoing security checks by a community of contributors.

  • Zero-Knowledge Architecture

    As mentioned earlier, don’t think that by using Bitwarden’s password manager (which is hosted on their servers) they’ll have access to your passwords. Zero-knowledge means that only you can access your vault.

  • Cost

    Bitwarden offers both a free and a premium version. The free tier offers features that rival paid versions of other managers. At just $10 per year, Bitwarden’s premium tier adds advanced features for less than $1 a month. See Bitwarden’s pricing page for the current options.

Ok, ok. So you’re convinced and want to get started right away, right? The following steps will walk you through creating an account and setting everything up so you can begin your journey of securing your digital life!

Creating an Account

To get started, navigate to Bitwarden.com, and select ‘Get Started’. 

That will bring you to this screen. Follow the steps to create your account. For your master password, make sure you choose one that is strong and unique. This is important because this password unlocks access to ALL of your stored passwords.

Remember, if you forget your password, there is no way to recover it, not even from Bitwarden’s customer service. 

Tip: Write this password on a piece of paper and store it in a secure location (e.g. a physical safe).


Once the account is created, go ahead and log in to your account from the desktop app, browser extension, or mobile app. Simply navigate to https://bitwarden.com/download/ and choose from the list the option that fits your Operating System (OS) and browser.