Step-by-step guide to choosing, setting up, and migrating to a password manager to secure all your online accounts with unique, strong passwords.
Last updated:
0 of 22 completed0%
Copied!
Choosing and Creating Your Account
Select a password manager that fits your needs
Look for one that works across all your devices (phone, computer, tablet) and supports browser extensions. Free tiers typically allow 1 device; paid plans cost $3-5 per month for unlimited devices. Family plans covering 5-6 people run $4-6 per month.
Create your account with a strong master password
Your master password is the one password you must memorize. Use a passphrase of 5-6 random words — something like 'correct horse battery staple' but longer. A 5-word passphrase has roughly 65 bits of entropy, which would take millions of years to crack.
Write down your master password and store it securely
Write it on paper and store it in a fireproof safe, a safe deposit box, or with a trusted person. If you forget your master password, most password managers cannot recover it — your entire vault becomes permanently inaccessible.
Save your emergency recovery kit or backup codes
Most password managers generate a recovery kit with a secret key or backup codes during setup. Print this and store it with your master password. These codes are your only way back into your vault if you lose access to all your devices simultaneously.
Installing on All Devices
Install the desktop application
Download from the password manager's official website only. The desktop app provides the fullest feature set including vault management, password generation, and secure notes. Installation takes 2-3 minutes on most computers.
Install browser extensions for every browser you use
Get the official extension from your browser's extension store. The extension auto-fills login forms and captures new passwords as you create them. Most people use 1-2 browsers — install it on all of them to avoid typing passwords manually.
Install the mobile app on your phone and tablet
Download from the official app store. Enable biometric unlock (Face ID or fingerprint) so you don't type the master password every time. On mobile, the app integrates with the autofill system to fill passwords in both browsers and native apps.
Verify sync works across all devices
Add a test entry on one device and check that it appears on the others within 1-2 minutes. If sync fails, verify you're signed into the same account on all devices and that your internet connection is working.
Importing Existing Passwords
Export passwords from your current browser
In your browser's password settings, look for 'Export Passwords' and save as CSV. This file contains every saved password in plain text — handle it carefully. The average person has 70-100 saved browser passwords to export.
Import the CSV file into your password manager
Most password managers have an Import function under Settings or Tools. Select your browser type and upload the CSV. The import processes 100-200 passwords in about 10-15 seconds. Review a few entries afterward to confirm they imported correctly.
Delete the exported CSV file permanently
After confirming the import worked, delete the CSV file from your computer and empty the trash/recycle bin. Also check your Downloads folder and any cloud-synced folders. That file is a complete copy of every password you own in readable text.
Delete saved passwords from your browser
Go to your browser's password settings and clear all saved passwords. Then disable the built-in password manager and auto-save prompts. You want your password manager to be the only place storing credentials. This prevents confusion about which passwords are current.
Organizing Your Vault
Create folders or categories for different account types
Set up 4-6 folders: Financial, Social Media, Shopping, Work, Email, and Subscriptions. This makes it faster to find specific passwords. Without folders, searching through 100+ entries becomes tedious within a few months.
Remove duplicate and outdated entries
Browser imports often include duplicates and old accounts. Most password managers have a 'Duplicate' or 'Reused' filter. Spend 15-20 minutes cleaning up — a typical import has 10-20% duplicate or outdated entries.
Add secure notes for non-password secrets
Store WiFi passwords, software license keys, PINs, and security answers in secure notes. These are encrypted the same way as passwords. The average person has 5-10 non-password secrets worth storing securely.
Replacing Weak and Reused Passwords
Run the built-in security audit
Most password managers include a security score or audit feature. It identifies weak, reused, and breached passwords. A typical first audit reveals that 40-60% of passwords are either reused or weak. Prioritize fixing the worst offenders first.
Replace reused passwords starting with financial accounts
Log into each site, go to account settings, and change the password. Use the password generator set to 20+ random characters. Do banking, email, and investment accounts first — these are highest-value targets. Changing 5 passwords takes about 15-20 minutes.
Generate unique passwords for remaining accounts
Work through 5-10 accounts per day until all are updated. Set the generator to at least 16 characters with uppercase, lowercase, numbers, and symbols. There's no reason to remember these — the password manager remembers them for you.
Check if any passwords appear in known data breaches
Use your password manager's breach monitoring feature or check accounts manually on a breach-checking service. If a password shows up in a breach, change it immediately even if you don't see suspicious activity — leaked credentials are sold in bulk within hours.
Emergency Access and Sharing
Set up emergency access for a trusted contact
Most paid plans let you designate an emergency contact who can request access to your vault after a waiting period (typically 24-72 hours that you set). If you're incapacitated, this person can access critical accounts like banking and insurance.
Share household passwords securely through the vault
Use the built-in sharing feature for WiFi passwords, streaming services, and shared accounts. Sharing through the vault is encrypted end-to-end. Never send passwords via text message or email — 35% of account compromises come from passwords shared through insecure channels.
Enable two-factor authentication on your vault
Go to Account Settings > Two-Factor Authentication. Use an authenticator app, not SMS, since SIM-swapping can intercept text codes. This means even if someone learns your master password, they still cannot access your vault without your phone.
Frequently Asked Questions
Are password managers safe to use?
Yes, and they are significantly safer than the alternative of reusing passwords or writing them down. Password managers encrypt your vault with AES-256 encryption, the same standard used by governments and banks. Even if a password manager company gets breached (as happened with LastPass in 2022), attackers still need your master password to decrypt anything. The real risk is not using one: 65% of people reuse passwords across accounts.
How much does a password manager cost?
Bitwarden offers a fully functional free tier that covers unlimited passwords across all devices. Paid plans from Bitwarden ($10/year), 1Password ($36/year), and Dashlane ($48/year) add features like family sharing, advanced 2FA, and dark web monitoring. Apple Keychain and Google Password Manager are free but limited to their respective ecosystems and lack cross-platform support.
What happens if I forget my master password?
Most password managers use zero-knowledge architecture, meaning they cannot recover your master password for you. If you forget it and did not set up a recovery method, you lose access to your vault permanently. That is why writing down the master password and storing it in a physical safe or bank deposit box is critical. 1Password and Bitwarden also provide emergency recovery kits with account keys during setup.
Which password manager is best for families?
1Password Families ($60/year for 5 users) and Bitwarden Families ($40/year for 6 users) are the top choices. Both let you share specific passwords like Netflix or the home WiFi without revealing the actual password text. 1Password has a more polished interface; Bitwarden costs less and is open-source. Each family member gets their own private vault plus access to shared vaults.
Can I use a password manager if I already save passwords in my browser?
Yes, and migrating takes about 10 minutes. Every major browser (Chrome, Firefox, Safari, Edge) lets you export saved passwords as a CSV file. Import that file into your password manager, verify the entries transferred correctly, then delete the CSV and turn off the browser's built-in password saving. Browser password storage lacks the security features, cross-platform sync, and breach monitoring that dedicated managers provide.