How to Manage All Your Passwords for Free

Using the same password everywhere means one breach compromises every account you have. A password manager generates unique, strong passwords for every site and fills them in automatically. You remember one master password. The manager handles the rest.

Best Free Option: Bitwarden

Bitwarden is open-source, audited by third-party security firms, and free for unlimited passwords on unlimited devices. Install from bitwarden.com for your browser, phone, and desktop.

Setup: Create an account with a strong master password (at least 16 characters; use a passphrase like “maple-canyon-bicycle-seventeen”). This is the only password you need to remember. Enable two-factor authentication immediately.

Import existing passwords: Most browsers store passwords. In Chrome, go to passwords.google.com, export as CSV. In Bitwarden, go to Tools > Import, choose Chrome CSV, upload. All your existing passwords are now in Bitwarden. Delete the exported CSV file afterward (it contains all your passwords in plain text).

How to Use It Daily

When you visit a login page, the Bitwarden browser extension auto-fills your username and password. One click. When creating a new account, click the Bitwarden icon and select “Generate Password.” It creates a random 20+ character password, fills it in, and saves it. You never type or think about passwords again.

On your phone, Bitwarden integrates with the system autofill: Settings > Passwords > AutoFill Provider > Bitwarden (iPhone). Settings > System > Languages & Input > Autofill service > Bitwarden (Android).

Migrate Away from Browser Password Managers

Chrome, Firefox, and Safari all offer built-in password storage. They work, but they are tied to a single browser ecosystem. If you use Chrome on your laptop and Safari on your phone, passwords do not sync. Bitwarden syncs everywhere: Chrome, Firefox, Safari, Edge, iPhone, Android, Windows, Mac, and Linux.

Browser password managers also lack features like secure notes (for Wi-Fi passwords, software license keys, security questions), password health reports (identifying weak or reused passwords), and breach monitoring.

Password Health Audit

After importing, go to Bitwarden’s Reports tab (or Tools > Reports in the free tier). Run the “Reused Passwords” report. Change every password that appears on more than one site. This is the single most important security improvement you can make. Start with high-value accounts: email, banking, and social media.

Run the “Weak Passwords” report next. Replace any password shorter than 12 characters or based on dictionary words.

Emergency Access

Set up Bitwarden’s Emergency Access feature. Designate a trusted person (spouse, sibling) who can request access to your vault if something happens to you. You set a waiting period (1, 7, or 30 days). If you do not reject the request within that period, they gain access. This prevents your accounts from being permanently locked if you are incapacitated.

What About Apple Keychain or Google Password Manager?

Both are decent if you live entirely within one ecosystem. Apple Keychain syncs across all Apple devices via iCloud but does not work on Windows or Android. Google Password Manager syncs across Chrome on any platform but not in non-Chrome browsers. If you use mixed devices, Bitwarden is the better choice.

The Master Password

Your master password is the one password you must memorize. Make it strong: a passphrase of 4 to 6 random words works well. Never reuse it anywhere else. Enable two-factor authentication on your password manager for an additional layer of protection. If someone gains access to your password manager, they gain access to everything inside it.

Bottom Line

Install Bitwarden, import your existing passwords, and generate unique passwords for every account going forward. Run the reused-passwords audit and fix duplicates. One master password protects everything.