The Password Problem
The average person manages dozens of online accounts. Using the same password across multiple sites is extremely common — and extremely dangerous. When one site is breached (and breaches happen constantly), attackers use stolen credentials to try accessing your email, banking, and other accounts automatically. This is called credential stuffing, and it works because so many people reuse passwords.
A password manager solves this problem completely. Here's how — and which one to choose.
What Does a Password Manager Actually Do?
- Generates strong, unique passwords for every site — long, random strings that are impossible to guess
- Stores them securely in an encrypted vault that only you can access
- Autofills credentials on websites and apps so you never type passwords manually
- Syncs across devices so your passwords are available on your phone, tablet, and computer
- Alerts you to breaches when a site you use has been compromised
You only ever need to remember one password: your master password. Make it a long passphrase (e.g., four random words strung together) that you'll remember but no one could guess.
Top Password Managers Compared
| Tool | Free Tier | Price (Paid) | Best For |
|---|---|---|---|
| Bitwarden | Yes (full-featured) | ~$10/year | Privacy-focused, open-source users |
| 1Password | No (trial only) | ~$36/year | Families and teams, polished UX |
| Dashlane | Limited (1 device) | ~$33/year | Beginners, includes VPN |
| Keeper | Limited | ~$35/year | Business and enterprise |
| Apple Keychain | Yes | Free | Apple ecosystem users only |
Our Recommendation: Bitwarden
For most individuals, Bitwarden is the best starting point. It's open-source (meaning its code is publicly audited for security), fully free for personal use, and works across all platforms and browsers. The paid upgrade is inexpensive and adds features like encrypted file storage and two-factor authentication reports.
If you're deeply embedded in the Apple ecosystem and only need passwords on Apple devices, the built-in iCloud Keychain is a reasonable free alternative — though it lacks cross-platform flexibility.
How to Get Started in 3 Steps
- Install your chosen manager and create an account. Write your master password down on paper and store it somewhere safe — this is the one exception to "don't write passwords down."
- Import existing passwords from your browser (Chrome, Firefox, and Safari all let you export passwords as a CSV). Most password managers have a direct import feature.
- Gradually replace weak/reused passwords. Start with your most important accounts: email, banking, and social media. Change those passwords first, letting the manager generate strong replacements.
Don't Forget Two-Factor Authentication
A password manager significantly improves your security, but pair it with two-factor authentication (2FA) on critical accounts for an additional layer of protection. Use an authenticator app like Aegis (Android) or Raivo (iOS) rather than SMS codes — authenticator apps are more secure than text messages.
The Risk of Not Using One
The inconvenience of setting up a password manager is about one hour. The inconvenience of a compromised email or bank account can be weeks of recovery, financial loss, and significant stress. The math is simple. Set one up today.