If you're using the same password on multiple websites — or a variation of the same password — you're one data breach away from losing access to multiple accounts at once. A password manager is the fix. Here's what it is, why security experts universally recommend one, and which ones to use.
What a Password Manager Does
A password manager is an app that generates, stores, and autofills strong unique passwords for every website and app you use. You remember one master password; the manager handles everything else.
Instead of "MyDog2018!" on every site, you have randomly generated passwords like "Xk9#mP2@vQz7" — unique for every account, impossible to guess, impossible to crack by brute force.
Why This Matters: Credential Stuffing
Data breaches happen constantly. When a website gets breached, the leaked username/password combinations get uploaded to dark web marketplaces. Attackers run automated tools that try those combinations against hundreds of other sites — your bank, Amazon, Gmail. If you reuse passwords, one breach cascades into many.
This attack is called credential stuffing and it's responsible for the majority of account takeovers. The defense is simple: use a unique password on every site so a breach on one site can't compromise the others.
The Best Password Managers
Bitwarden — free, open source, has been independently audited, works on all platforms. This is the recommendation for most people. The free tier covers all core features with no restrictions.
1Password — paid ($36/year), excellent interface, business-focused features, strong security record. Good choice if you're managing passwords for a team or family.
Dashlane — includes a built-in VPN and dark web monitoring. More expensive than Bitwarden, but with more features.
KeePass — free, open source, stores passwords locally (not in the cloud). Maximum security but less convenient.
What About the Browser's Built-In Password Manager?
Chrome, Firefox, and Safari all have built-in password managers. They're better than nothing — they'll generate unique passwords and prevent reuse. But they have weaknesses: Chrome syncs your passwords to Google's servers, built-in managers don't work well across different browsers, and they lack security features like breach monitoring. A dedicated password manager is more secure and more convenient.
How to Switch to a Password Manager
- Download Bitwarden (it's free) and create an account
- Install the browser extension
- Import your existing passwords from your browser's password export
- As you log into sites over the next few weeks, let the manager update weak or reused passwords to strong unique ones
- Enable two-factor authentication on your Bitwarden account itself
The transition takes a few weeks of habitual use but becomes effortless after that.
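To decide which accounts to fix first during the import and update steps above, the browser's password export can be checked for reuse and near-reuse. The Python script below is an added example, not part of the original article or of any password manager's tooling; it assumes the name,url,username,password column layout of Chrome's CSV export, and the sample rows and the function names are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the column layout assumed for a Chrome CSV export
# (name,url,username,password); other browsers may name columns differently.
SAMPLE_EXPORT = """name,url,username,password
shop.example,https://shop.example/login,alex@example.com,MyDog2018!
bank.example,https://bank.example/,alex@example.com,MyDog2018!
mail.example,https://mail.example/,alex,mydog2019
forum.example,https://forum.example/,alex,Xk9#mP2@vQz7
"""


def base_form(password):
    """Lowercase and strip trailing digits/symbols so 'MyDog2018!' and
    'mydog2019' collapse to the same base ('mydog')."""
    return re.sub(r"[\W\d_]+$", "", password.lower())


def audit_export(csv_text):
    """Return (exact_reuse, variations): lists of sorted site-name lists.
    Passwords themselves are never returned or printed."""
    by_password = defaultdict(set)
    by_base = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        pw = row.get("password") or ""
        if not pw:
            continue
        by_password[pw].add(row["name"])
        base = base_form(pw)
        if len(base) >= 4:  # ignore bases too short to be meaningful
            by_base[base].add(row["name"])
    exact = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    exact_sets = {frozenset(g) for g in exact}
    variations = sorted(
        sorted(s) for s in by_base.values()
        if len(s) > 1 and frozenset(s) not in exact_sets
    )
    return exact, variations


if __name__ == "__main__":
    exact, variations = audit_export(SAMPLE_EXPORT)
    for group in exact:
        print("same password reused on:", ", ".join(group))
    for group in variations:
        print("variations of one password on:", ", ".join(group))
```

The export file holds every password in plain text, so delete it once the import and the check are done.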