Passwords

Photo by NeONBRAND on Unsplash


Considerations

How many online accounts do you have? Ten? Twenty? Fifty? More? Gmail? Amazon? Netflix? Facebook? Do you have a unique password for each one of those accounts? Wondering how secure that password is? The top five most popular passwords (password, 123456, 12345678, 1234, and qwerty) could be cracked instantly. Go to How Secure is my Password to see how long it would take a computer to guess yours (and then promptly change it!). Keep in mind that cybercriminals now use advanced tools like AI-based password crackers, which can guess weak passwords even faster. This makes it more important than ever to use strong, unique passwords for every account.

Here's the thing... cybercriminals have automated tools which are used to crack weak passwords. If that password they crack happens to be the one for your email account, they can then use that access to reset countless others. If you use that same password across multiple accounts, you might as well just hand those criminals the key to your house.

"Your brain is a very bad password manager. It's incapable of storing more than a couple of genuinely random strings of reasonable length... That leads to compromises."[1]

Things NOT To Do

  • Do not save your passwords in an unprotected text file.
  • Do not save your passwords in a browser. Browsers often store passwords in plaintext or with insufficient encryption, making them vulnerable to malware or unauthorized access. Always use a dedicated password manager instead.
  • Do not use weak passwords. That could include common words or phrases, your birth date, car model, or pet's name. Avoid passwords on the Most Common Passwords List.
  • Do not use password hints.
  • Do not duplicate passwords across websites.
  • Do not use passwords exposed in a data breach. You can check if your passwords have been exposed in a data breach by visiting Have I Been Pwned. If any of your passwords appear there, change them immediately. "This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts."[2]
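Have I Been Pwned also exposes the same check as a "range" API built on k-anonymity: the client sends only the first five hex characters of the password's SHA-1 hash and matches the remainder locally, so neither the password nor its full hash leaves your machine. The following is an added example (not code from the article or from HIBP) that implements that client-side logic. The endpoint URL is the real one; the embedded response table is a constructed stand-in used so the code runs offline, and its breach counts are made up, though the suffix for "password" is the genuine remainder of that string's SHA-1 hash.

```python
import hashlib
import urllib.request
from typing import Callable

# Have I Been Pwned "Pwned Passwords" range endpoint (real URL). The client
# sends only the first 5 hex characters of the SHA-1 hash and matches the rest
# locally, so neither the password nor its full hash is ever transmitted.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 digest, the form the range API works with."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple[str, str]:
    """(prefix that is sent to the API, suffix that stays on this machine)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


# Constructed offline stand-in for the API response for one prefix. Each line
# is "SUFFIX:COUNT". The suffix for "password" is the real remainder of its
# SHA-1 hash; the other two suffixes and every count are made up for this example.
SAMPLE_RANGES = {
    "5BAA6": "\r\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        split_hash("password")[1] + ":3861493",
        "01C7B5F1C2A4AD1C2E4D4F50A0E0B2B6E3F:1",
    ]),
}


def offline_fetch(prefix: str) -> str:
    """Offline fetch used by the demonstration; unknown prefixes return no lines."""
    return SAMPLE_RANGES.get(prefix, "")


def live_fetch(prefix: str) -> str:
    """Real network lookup (not exercised by the offline demonstration)."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true"},  # API option: pads with count-0 lines
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_range(body: str) -> dict[str, int]:
    """Turn 'SUFFIX:COUNT' lines into {suffix: count}; padding lines carry 0."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        if ":" not in line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.strip().upper()] = int(count)
    return counts


def pwned_count(password: str, fetch: Callable[[str], str] = offline_fetch) -> int:
    """How many times the password appears in the data the fetcher returns."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for pw in ("password", "Istso'96ttw!"):
        n = pwned_count(pw)
        print(f"{pw!r}: {('seen %d times' % n) if n else 'not in the sample data'}")
```

To query the real service, pass `fetch=live_fetch`; a count above zero means the password has appeared in a breach and should be retired, exactly as the article says.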

"If your password conforms to a recognisable pattern, there's a good chance it will either be in a password dictionary or guessable based on other known information about you (wife's or kids name, etc.) If it is short or doesn't contain sufficient variations in characters, the number of attempts required to guess it are going to be much lower; you become the low hanging fruit."[3]

Things TO Do

  • Do use a password manager. This will securely save your encrypted login credentials for all online accounts. You need merely remember one master password to access all others. Password managers simplify your life by securely storing all your login details in one place. They also help you avoid reusing passwords across accounts, which is one of the most common security risks.
  • Do enable two-factor authentication.
  • Do ensure that your master password is long (over 10 characters) and complex (uppercase, lowercase, numbers, and symbols). Do not include common words and ensure it's unique. Passphrases are an excellent alternative to traditional passwords. For example, "I spent the summer of '96 traveling the world!" This could translate to Istso'96ttw! It would take a computer 485 thousand years to crack that password. This approach makes passwords easier to remember while still being secure.
  • Do use the password generator supplied by your password manager to create a unique, complex password for each of your accounts.

Remember, "The only secure password is the one you can't remember."[4] The National Cyber Security Centre in the UK answers the question "Should I use a password manager?" quite simply: "Yes. Password managers are a good thing."[5]

Geek Tip: If you’re concerned about password strength, use your password manager’s built-in password generator to create long, random strings with at least 16 characters. For maximum security, include uppercase letters, lowercase letters, numbers, and symbols. Avoid using dictionary words or predictable patterns.

"Password managers don't need to be perfect, they just need to be better than *not* using them which they unequivocally still are." [6]
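To show what the Geek Tip's generator does under the hood, here is an added example (not Bitwarden's generator or any code from the article): it draws from the OS random source via Python's `secrets` module, guarantees one character from each of the four classes, checks a password against the 16-character policy, and computes the size of the search space in bits. The `brute_force_years` helper assumes a guess rate of 10 billion per second; that figure is an assumption chosen for illustration, and "years to crack" numbers like the article's 485 thousand years depend entirely on the rate assumed.

```python
import math
import secrets
import string
from random import SystemRandom

# Character classes the Geek Tip asks for: 26 + 26 + 10 + 32 = 94 symbols.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())
_sysrand = SystemRandom()  # OS-backed RNG, the same source `secrets` draws from


def generate_password(length: int = 16) -> str:
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length must allow one character per class")
    # One guaranteed pick per class, the rest from the full alphabet, then a
    # CSPRNG shuffle so the guaranteed picks do not sit at fixed positions.
    chars = [secrets.choice(cls) for cls in CLASSES.values()]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    _sysrand.shuffle(chars)
    return "".join(chars)


def missing_classes(password: str) -> list[str]:
    """Names of the character classes the password does not contain."""
    return [name for name, cls in CLASSES.items()
            if not any(c in cls for c in password)]


def meets_policy(password: str, min_length: int = 16) -> bool:
    """The Geek Tip's rule: 16+ characters and all four classes present."""
    return len(password) >= min_length and not missing_classes(password)


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Search-space size in bits for a uniformly random string. This is an
    upper bound: forcing one character per class trims a fraction of a bit."""
    return length * math.log2(alphabet_size)


def brute_force_years(bits: float, guesses_per_second: float = 1e10) -> float:
    """Time to exhaust the search space at an ASSUMED guess rate (10^10/s by
    default). The rate, not the password, drives 'years to crack' figures."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, "meets policy:", meets_policy(pw))
    print(f"16 random chars from {len(ALPHABET)} symbols: {entropy_bits(16):.1f} bits,"
          f" ~{brute_force_years(entropy_bits(16)):.3g} years at 1e10 guesses/s")
    print("Istso'96ttw! missing classes:", missing_classes("Istso'96ttw!"),
          "| meets 16-char policy:", meets_policy("Istso'96ttw!"))
```

The passphrase abbreviation from the list above, Istso'96ttw!, contains all four classes but is 12 characters long, so it fails the 16-character rule the Geek Tip sets for generated strings; the point of a generator is that length costs you nothing when the manager is remembering the result.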

Why Bitwarden

There are a number of great password managers out there, and any one is better than none at all. We recommend Bitwarden primarily because, in addition to directly competing with the likes of 1Password, Dashlane, Keeper, and LastPass in terms of functionality and usability, it is 100% open source software. Open source software means that Bitwarden’s code can be reviewed and audited by security experts worldwide, ensuring transparency and trustworthiness. This reduces the risk of hidden vulnerabilities or malicious code.

Bitwarden is free to use. You can even use a free account to share collections with another person (e.g., a spouse or friend). If you want to pay $12 per year you can upgrade to Families which gives you password sharing for up to 5 people plus 1GB encrypted file storage. Paying another $10 per year will give you access to Premium, which includes password hygiene and vault health reports, 2FA key storage, and priority customer support. We've opted to do Families with Premium tacked on.

Other deciding factors:

  • Strong Encryption
  • Password Generator
  • Two-factor Authentication
  • Vault Health Report
  • Audit Logs
  • Browser Integration
  • Mobile Integration

Bitwarden has also introduced advanced features like biometric login options (e.g., fingerprint or facial recognition) and integration with hardware security keys for even stronger protection.

Once installed and set up, it's pretty straightforward. "When you land on a site and try to login, the password manager will offer to do it for [you] - if it has your account details, that is. If it doesn't yet know your username and password for a particular site, it will capture them as you type them, and then encrypt them and save them for next time."[7]


You can even autofill login credentials on your smart devices! "Bitwarden is now fully integrated with Android 9's AutoFill Framework for apps and web browsers. You can enable Bitwarden for AutoFill within the Bitwarden app under Tools -> AutoFill Service."[8] And for those with an iPhone running iOS 12 or later, "Bitwarden is now fully integrated with Authentication Services and AutoFill in iOS 12. You can quickly log into any website or app using credentials stored in your Bitwarden vault, directly from the device keyboard."[9] If you're using an app on a smart device not yet offering these capabilities, you can always open up the Bitwarden application, search for the relevant account, copy the password, and then paste it into the other app.

How to Make the Switch

  1. Create a new account with Bitwarden.
  2. Set up two-factor authentication.
  3. Install the Bitwarden application on your smart devices (iOS | Android) and your browser of choice (Brave | Chrome | Firefox | Microsoft Edge | Opera | Safari).
  4. You can either set aside some time to add each of your account logins to Bitwarden, logging in, resetting the password with a random one supplied by your password manager, and saving it securely in Bitwarden (Use Bitwarden’s built-in password generator to create strong, unique passwords for each account), or you can add/change them as they are used over time. At a minimum, I would recommend changing your email, financial, and cell phone accounts immediately. You can import your existing passwords into Bitwarden from other sources like browsers or other password managers. Bitwarden provides detailed instructions for importing data securely here.

  5. Generate Password
  6. Delete stored passwords from all browsers previously used (Chrome | Firefox | Internet Explorer | Microsoft Edge | Opera | Safari) and turn off the ability to save them there. Deleting old stored passwords ensures that outdated or weak credentials are not left vulnerable to attackers. Double-check that all sensitive information has been removed from browser storage before relying solely on Bitwarden.
  7. Going forward, remember that to access these newly stored login details (and save new ones), you must remain logged into the Bitwarden application in your browser. Be vigilant!

Yogi Tip: Don’t stress about memorizing every password. Just remember your master password for your password manager and let it handle the rest! Start by securing your most important accounts like email and banking, then update others over time as needed.

Additional Articles

Footnotes

[1] Troy Hunt, "Password managers don't have to be perfect, they just have to be better than not having one," troyhunt.com, April 4, 2017.
[2] Troy Hunt, "Pwned Passwords," troyhunt.com, 2018.
[3] Troy Hunt, "The only secure password is the one you can't remember," troyhunt.com, March 21, 2011.
[4] See footnote 3.
[5] Emma W, "What does the NCSC think of password managers?," National Cyber Security Centre, January 24, 2017.
[6] Troy Hunt, "@troyhunt," Twitter, March 31, 2017.
[7] Jill Duffy, "Get Organized: Why Aren't You Using a Password Manager Yet?," PCMag Digital Group, July 21, 2014.
[8] Kyle, "AutoFill Improvements Come To iOS 12 & Android 9," Bitwarden, September 26, 2018.
[9] See footnote 8.