How to Use a Password Manager for Better Security

Most people reuse the same handful of passwords across dozens of websites. When any one of those sites suffers a data breach, attackers take the leaked credentials and try them on other sites one at a time, a technique known as credential stuffing. A password manager eliminates this risk.

Why Weak Password Habits Are Dangerous

The average person has over 100 online accounts but can remember only 5 or 6 distinct passwords. This leads to dangerous habits: reusing the same password everywhere, using fragile variations (such as password1, password2), and writing passwords down in insecure places. Data breaches expose billions of account credentials every year. Once your password appears in a breach database, automated programs will try it on every major website within a few hours. That is why a strong, unique password for every site is the only truly effective defense. A password manager solves this by automatically generating and securely storing a complex random password for each site, so the only thing you need to remember is a single master password.

Getting Started in 3 Steps

  • Step one: choose and install a password manager. PrivaPass runs entirely within your local browser, requires no account registration, and works out of the box. Other good options include Bitwarden (open-source, with a free tier), 1Password, or your browser's built-in password manager.
  • Step two: import or create password entries. You can start by saving each password as you log in to a site. Most password managers also offer bulk import of the passwords already saved in your browser. Generate new random strong passwords for your most important accounts first.
  • Step three: enable two-factor authentication (2FA) on your critical accounts. Even if your master password is leaked, 2FA adds a second line of defense that blocks unauthorized access.

Pro Tips for Password Security

Use a passphrase for your master password: a sequence of 4 to 5 random, unrelated words. It is far more secure than a password that looks complex but is short, and it is easier to remember. Never store your master password in any digital form. The safest approach is to write it on paper and keep it in a secure, offline, physical place. Regularly check Have I Been Pwned (haveibeenpwned.com) to see whether your email address has appeared in any known data breach. When a service you use announces a data breach, change the relevant password as soon as you can; do not wait until you are forced to reset it.
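The passphrase tip above, as an added example that is not code from PrivaPass or any manager named on this page: it draws words with the operating system's CSPRNG and computes how many bits of entropy a given list size and word count provide. The function names, the 16-word demo list and the 7776-word list size are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed 16-word list, for the demo only. Assumption: a real generator
# loads a large published list (7776 words is the size of a five-dice list).
DEMO_WORDS = ["anchor", "biscuit", "cobalt", "dune", "ember", "fjord",
              "gravel", "harbor", "ivory", "juniper", "kettle", "lantern",
              "meadow", "nickel", "orchid", "pebble"]

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def passphrase(words, count=5, sep="-"):
    """Pick `count` words independently and uniformly with the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words reduce the real entropy")
    return sep.join(secrets.choice(words) for _ in range(count))


def site_password(length=20, alphabet=PRINTABLE):
    """Random per-site password, the kind a manager generates and stores."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent uniform choices from `pool_size` items."""
    return picks * math.log2(pool_size)


def words_needed(pool_size, target_bits):
    """Smallest word count that reaches `target_bits` for a given list size."""
    return math.ceil(target_bits / math.log2(pool_size))


if __name__ == "__main__":
    print("passphrase (demo list):", passphrase(DEMO_WORDS))
    print("site password:         ", site_password())
    print("words for 64 bits from a 7776-word list:", words_needed(7776, 64))
    for label, pool, picks in [("4 words / 7776-word list", 7776, 4),
                               ("5 words / 7776-word list", 7776, 5),
                               ("5 words / 16-word demo list", len(DEMO_WORDS), 5),
                               ("8 random printable chars", len(PRINTABLE), 8),
                               ("20 random printable chars", len(PRINTABLE), 20)]:
        print(f"{label:30s} {entropy_bits(pool, picks):6.1f} bits")
```

These figures hold only when every word is chosen by the generator from a large list; a phrase a person makes up, or a short list like the demo one, gives far fewer bits.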
