How to Use a Free Password Manager (and Why You Really Need One)

Here's an uncomfortable truth: if you use the same password (or a couple of variations) across your accounts, a breach at any one site puts all of them at risk. Attackers take leaked passwords and try them everywhere. The single best thing you can do for your online safety is start using a password manager — and good ones are free. Here's how, in plain language.

What a password manager actually does

A password manager is a secure, encrypted vault for all your logins. You remember one strong master password; it remembers everything else. It can generate a long, random, unique password for every site, fill them in automatically, and sync them across your devices. You go from juggling weak, reused passwords to having a different fortress-grade password for every account — without memorising any of them.

Why this matters more than antivirus

Most account hacks don't involve sophisticated attacks — they involve reused passwords leaked from some unrelated website. A password manager makes every password unique, so a breach at one site can't unlock the others. It's the highest-impact, lowest-effort security upgrade available to a normal person.

Free password managers worth using

• Bitwarden — free, open-source, and genuinely full-featured on the free tier. Works on every platform with browser extensions and mobile apps, and syncs across all your devices for free. This is the one we recommend to almost everyone.
• Proton Pass — from the makers of Proton Mail, with a solid free tier and a strong privacy focus.
• Your browser's built-in manager — Chrome, Edge and Safari can store and sync passwords. Better than reusing passwords, though a dedicated app like Bitwarden is more secure and works across different browsers.

Setting it up (about an hour)

1. Create an account with Bitwarden and set a strong master passphrase. Write it down on paper and store it somewhere safe until it's memorised.
2. Install the browser extension and the mobile app, and sign in.
3. Add logins as you go. Don't try to add everything at once. The next time you log into a site, let the manager save it. Within a couple of weeks, all your regular accounts will be in the vault.
4. Fix your weak passwords gradually. Start with the important ones — email, banking, social media. For each, use the manager's generator to create a new random password and update it on the site. Email first: it's the master key that can reset everything else.

Add two-factor authentication too

For your most important accounts, turn on two-factor authentication (2FA) — a second code in addition to your password. Even if someone somehow gets your password, they can't log in without the code. Combined with unique passwords from your manager, this makes your accounts very hard to break into.

The bottom line

You don't need to be technical, and you don't need to pay. Install Bitwarden, set one strong master passphrase, and let it take over from there. An afternoon of setup buys you years of dramatically better security — and you'll never have to click "forgot password" again.

Frequently asked questions

Why do I need a password manager?

Because reusing passwords is the biggest everyday security risk. When one site is breached, attackers try that password everywhere. A password manager gives every account a unique, strong password, so one leak can't unlock the others.

Which free password manager is best?

Bitwarden is the one we recommend to most people: free, open-source, full-featured on the free tier, and it syncs across all your devices at no cost. Proton Pass is another solid, privacy-focused free option.

What if I forget my master password?

Your master password is the one thing you must not lose, as it can't usually be recovered. Make it a long, memorable passphrase of four or five random words, and write it on paper stored somewhere safe until you've memorised it.