What's a Password Manager?
A password manager is a piece of software, or a program, that creates and remembers extraordinarily complex passwords for you.
Let's walk through it step by step.
Imagine you are making a new account on a website. Let's say you're opening a new bank account and are registering for their online banking. You definitely want to keep your money protected, so we're going to want to use a good password!
But if you recall from previous sections, the ideal password contains both a lot of entropy and few dictionary words. It also has to be unique; you can't use this password anywhere else ever.
Well, it sounds like what we want is something like this: 7xDFCCP7ii7jHgAwcHsBRP6g$
But how on earth are we going to remember that? And how are we even going to create something that random (humans are actually horrendous at randomness; we are predisposed to seek patterns)?
Enter the password manager.
I didn't make that password up. I generated it with Bitwarden, a free password manager. When I make my new banking account, I'm going to save the web address, username, and password as an entry in Bitwarden. Next time I need to log in to my online banking, Bitwarden has my credentials. I no longer need to do any of the heavy lifting! Now you have a machine just as powerful as the burglar's, installing unique and complex locks onto all of your doors.
Of course, there is some risk to having all of your passwords in one place. What if somebody somehow steals your Bitwarden vault?
The vault is heavily encrypted with a Master Password: if you try to read it without the Master Password, you just see a bunch of meaningless gibberish. So there is still one password we have to remember, but since it's the only one you will ever need to remember for the rest of your life, it should be easy to make something sufficiently complicated that we can still remember. How about something like: Amiable-Granite-Spoiler8-Grandson-Unhidden-Muppet
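How a generator produces strings like the two shown above, and how their strength is measured, as an added example that is not part of the original article and is not Bitwarden's code. The character set and the 16-word sample list are assumptions made for the illustration.

```python
import math
import secrets
import string

# Assumed character set (not from the article): letters, digits, eight symbols.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"

# Constructed 16-word sample list. Real generators draw from a much larger
# list; the EFF long Diceware list, for example, has 7776 words.
SAMPLE_WORDS = [
    "amiable", "granite", "spoiler", "grandson", "unhidden", "muppet",
    "lantern", "orbit", "walnut", "pebble", "harbor", "velvet",
    "cactus", "ribbon", "tundra", "mosaic",
]

def generate_password(length=25, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need length >= 1 and at least 2 distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def generate_passphrase(words=SAMPLE_WORDS, count=6, sep="-"):
    """Draw whole words the same way; repeats are allowed."""
    if count < 1 or len(set(words)) < 2:
        raise ValueError("need count >= 1 and at least 2 distinct words")
    return sep.join(secrets.choice(words).capitalize() for _ in range(count))

def entropy_bits(choices, picks):
    """Bits of entropy for `picks` independent, uniform draws from `choices`.
    Only valid for machine-generated secrets, never for human-chosen ones."""
    return picks * math.log2(choices)

def picks_needed(choices, target_bits):
    """Smallest number of draws that reaches at least `target_bits`."""
    return math.ceil(target_bits / math.log2(choices))

if __name__ == "__main__":
    print(generate_password(), f"{entropy_bits(len(ALPHABET), 25):.1f} bits")
    print(generate_passphrase(), f"{entropy_bits(len(SAMPLE_WORDS), 6):.1f} bits")
    print("6 words from a 7776-word list:", f"{entropy_bits(7776, 6):.1f} bits")
    print("words needed for 128 bits:", picks_needed(7776, 128))
```

The sample list is deliberately tiny: six words from 16 choices carry only 24 bits, while the same six words drawn from a 7776-word list carry about 77.5, so the size of the wordlist matters as much as the number of words.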
Getting Started
Okay, enough theory. How do we actually get this set up?
First, you're going to need to choose a password manager. I recommend Bitwarden, since it has a very generous free plan and is available on Windows, Linux, Mac, Android, and iOS, so you have access to your vault wherever you are. Other options include 1Password (similar but more pricey) and KeePass (no online syncing, which is a pro to some and a nonstarter to others).
Register an account. If you need help, follow the instructions here.
Now you're going to want to make sure you can easily access the vault wherever you are. To accomplish this, we're going to install two things: a browser extension on your desktop, and a mobile app on your phone. You can find instructions here. There are a ton of options, but you can ignore most of them. Just find the actual platforms you use, such as Google Chrome or Android.
Note: we do not recommend the desktop app or mobile authenticator. The desktop app claims to be native, but it's actually just a questionably secure Electron wrapper, and there are better mobile authenticators out there, which will be covered in a future section.
Also note: elsewhere on this site, we recommend against using browser extensions because they are a security vulnerability. This remains true, but it is better to use a password manager and accept that risk than to not use a password manager. If you are OK with a significant amount of inconvenience, you can skip the browser extension and use the Web Vault.
If you need help or have other questions, get in touch with your IT department. I'll be happy to walk you through it. This is really the kind of thing that is easiest to learn hands-on.