2026 Security Checkup: Password Manager First Steps ⭐

Password managers are the key to properly securing your online accounts, but they can also be confusing. The term password manager is itself inadequate, for starters, as these solutions are really identity managers that also manage and protect passkeys and personal information while helping fight online fraud and other malicious behavior. But there are too many of them, and too many of us have collections of passwords in multiple places. And the best password managers are not free.

? Why use a password manager

A password manager helps us overcome the inherent security issues with passwords by protecting our online accounts via proactive means such as creating and managing complex passwords and passkeys in a single, secure place.

Leaving aside the reality that you are already using one or more password managers every day across all your devices, you need to use a password manager. And I mean a password manager, meaning one password manager. Once you’ve chosen and started using a password manager, you should disable previous password managers and delete any data they contain.

Some will inevitably bring up the point that a password manager is a single point of failure. That’s ridiculous. Right now, you’re the weakest link in the protections placed around your online accounts. And you will properly secure your password manager with multifactor authentication (MFA) via a separate app, just as you do with those online accounts that support it.

❓ What to look for in a password manager

At a high level, every password manager, even the inferior solutions built into your web browser, offers the same basic features:

• Store and manage passwords (really, usernames and passwords) for the online accounts you use to access websites, apps, and services.
• Generate strong passwords for new online accounts or to replace existing passwords.
• Autofill your sign-in credentials (username and password) when you need to sign-in to a website (via a browser extension on desktop or a standalone app on mobile) or an app (via a standalone app on mobile or desktop).
• Sync your passwords and other personal information to the cloud so that changes made on one device are available everywhere immediately.
• Protect your access via whatever biometric security capabilities your PC, phone, or tablet offers. Each time you access your password manager on any device, you will authenticate yourself, proving you are who you are.

But you should expect more from a password manager than those basic features. Some additional features to expect if not demand include:

• Passkey support.
• Payment method support so you can autofill credit card and other payment method information automatically.
• Proactive scanning of accounts for vulnerabilities and Dark Web leaks. This can include highlighting which of your accounts have weak or reused passwords, accounts that support 2FA or passkeys you have not configured, and more.
• Email alias support so you can sign up for newsletters or websites using a unique email address and not your real address.
• Personal information storage for items like passports, driver licenses, or any arbitrary files or data.
• Emergency and continuity access so loved ones can access your password manager in an emergency or if you are incapacitated or dead.

✅ Choose a password manager

There are too many password managers. Chances are, you have several possible solutions on each of your devices.

• Platform makers like Apple, Google, and Microsoft all offer password managers.
• Apple and Google integrate their password managers with their respective platforms (iOS, iPad, macOS, Android, Chrome OS).
• Google and Microsoft integrate their password managers with their respective browsers (Chrome and Edge).
• Web browser makers (Brave, Firefox, Opera, Vivaldi, and others) provide built-in password managers in their apps.
• Third-party password managers generally offer much more comprehensive protections than any of the above, with the caveat that most of these solutions are not free, or not available in a free version.

You should use Proton Pass

I use and recommend Proton Pass because it’s made by a company I explicitly trust. It’s open source, offers end-to-end encryption, and it’s available everywhere, with mobile apps for Android, iPhone, and iPad, extensions for all major web browsers, and desktop apps for Linux, macOS, and Windows. Proton Pass also offers many additional security tools and services that I feel elevate it over the competition, as does its simple and obvious user interface.

Proton Pass is also available in a free version. As you might expect, it offers more and better features if you pay, but a free Proton account gets you two vaults (encrypted digital containers for logins, aliases, and secure notes, vs. 50 for a paid Proton plan), 10 hide-my-email addresses (vs. unlimited for paid), and the ability to share your credentials with up to two other people (vs. 10 on the paid plans). Those with a paid Proton plan also get a built-in 2FA (two-factor) authenticator, though I strongly recommend using the separate Proton Authenticator app instead.

If you’re curious about the pricing of non-free plans, Proton offers more than just Proton Pass and Proton Authenticator, and its paid plans reflect that. A Proton Unlimited account for individuals costs $9.99 per month or $119.88 per year in the U.S. Proton Duo is for two users and costs $19.99 per month or $179.88 per year. Proton Family is for six users and costs $29.99 per month or $287.88 per year. And there are business plans as well.

Other password managers to consider

Everyone has opinions about which password manager to use. And though I use and recommend Proton Pass, other high-quality and frequently recommended password managers you can consider include:

1Password. 1Password is probably the most popular password manager, but I have no idea why. I find it confusing to use thanks to its quirky interface, and it requires a master password and a lengthy and complex secret key in addition to a username, which makes setting it up and using it ponderous. 1Password is not free; in fact, it’s the most expensive option listed here. It costs $4.99 per month for individuals and $7.99 per month for families, but you can save money by paying annually: Individual is $35.88 per year and the Families plan is $53.88.

Bitwarden. Bitwarden is the only password manager with a free tier that challenges Proton Pass, though it is more complex and perhaps best for technical users. The free version of Bitwarden works across incudes all the core features, including passkey management, and it works on an unlimited number of devices. The Premium ($1.65 per month billed annually at just $19.80) and Family (up to 6 users, $3.99 billed annually at $47.88) tiers add an integrated authenticator (which you should not use), file attachments, emergency access, security reports, and other additional features. Because Bitwarden is available in a free tier, it’s easy enough to try. But I do recommend paying for it if you do use it as the cost is negligible and a good value.

Dashlane. Dashlane is superior to 1Password and much easier to use, but there’s no free tier. Dashlane Premium is for individuals, costs $4.99 per month or $30 annually, and provides a passwordless login option I very much prefer if you start a new account. Dashlane Family supports up to 10 accounts and is $89.88 per year and offers the same features as Dashlane Premium except for a VPN.

While I don’t recommend this, I understand that many will take the path of least resistance and just use the free password manager provided with their mobile or desktop OS or web browser. There are only two I can sort of recommend, however:

Google Password Manager. Google’s solution is integrated into Android and its Chrome web browser. You can use Chrome on any desktop platform, so you’re covered there. And you can use the Chrome mobile app on iPhone and iPad and configure it as your autofill provider everywhere, including apps.

Microsoft Password Manager. Microsoft’s solution is integrated into its Edge web browser. You can use Edge on any desktop platform, so you’re covered there. And you can use the Edge mobile app on iPhone and iPad and configure it as your autofill provider everywhere, including apps.

⚙️ Properly configure your password manager

If you’re getting started with a new password manager, you will need to create an account, install and sign in to its apps and web browser extensions, and export your passwords from your previous password manager and import them into the new one. You will also protect your password manager with some form of MFA, most likely via an authenticator app.

These processes vary by solution, but the most important first steps include:

Mobile app. You will install the mobile app for your password manager on your phone and tablet, configure it as the autofill provider for passwords, and disable any other password managers.

Web browser extension on desktop. You will install the extension for your password manager in every desktop web browser you use and then disable your browser’s built-in password management and autofill capabilities.

Desktop app. You might install the desktop app for your password manager in Windows, Mac, or Linux, if available. And while I don’t recommend that for day-to-day use, the desktop app is useful for going through that one-time password triage I describe below because it’s bigger and easier to see, and you need to focus during this process. (It can also be used to sign in to apps in Windows, at least, though this is rarely supported and unusual enough to not worry about.)

Mobile configuration

When you install and configure your password manager app on Android, iPhone, or iPad, it may prompt you to configure it for password autofill across apps and websites on that device. But you can always do so manually, and you should disable any other password managers that may be configured for this use.

The easiest way to find this interface is to open the Settings app on your mobile device and search for autofill. Then, in the search results that appear, choose the item related to password autofill.

Web browser configuration on desktop with extension

When you install and configure your password manager extension in your web browser, it will begin providing autofill notifications when you have to sign in to a website. But you should also disable your browser’s built-in password manager and autofill-related features.

This varies by browser, but here are the instructions for Chrome and Edge.

In Google Chrome settings:

• Navigate to Autofill and passwords > Google Password Manager > Settings and uncheck “Offer to save passwords and passkeys,” “Sign in automatically,” and “Use Windows Hello when filling passwords.”
• Navigate to Autofill and passwords > Payment methods and uncheck “Save and fill payment methods,” “Card benefits,” and “Allow sites to see if you have a payment method saved.”
• Navigate to Autofill and passwords > Addresses and more and uncheck “Save and fill addresses.”

In Microsoft Edge settings:

• Navigate to Passwords and autofill > Microsoft Password Manager and uncheck “Ask to save passwords and passkeys.” Then, click “More settings” and uncheck “Autofill passwords and passkeys,” “Scan passwords for leaks,” “Show ‘Reveal password’ button,” and “Suggest strong passwords.”
• Navigate to Passwords and autofill > Payment methods and uncheck “Save and fill payment methods,” “Show Buy now, pay later option on sites when you shop,” “Show express checkout on sites when you shop,” and “Allow sites to see if you have saved payment methods.”
• Navigate to Autofill and passwords > Addresses and more and uncheck “Save and autofill addresses.”

Properly protect your password manager

Your password manager is an online account like any other and it can—and should—be protected using the same MFA methods that other important online accounts support. But it’s not just that. You will also configure your password manager to be secure in use, meaning that you will authenticate yourself as needed when accessing the sensitive information it contains.

This varies by solution, of course. But the most common options include:

Account security. Most password managers require you to sign in to their app and web browser extension using a login (username/password) and then some additional method. That additional method can be a secret key or a second password, an MFA method like an authenticator app or security key. And some let you sign in with a passkey. I recommend that you simply remember your login credentials, but you should also back them up in a secure way, perhaps using a text file in OneDrive Personal Vault or another secure service, or via another password manager. I also recommend configuring an authenticator app like Proton Authenticator.

Unlock. When you need to use your password manager to access a login (username/password), passkey, credit card, or other information, you can configure an Unlock (or similar) option that requires you to use your device’s biometric authentication capabilities, a PIN, or a password. (Or you can require none of that and rely on the security of the device itself and your own vigilance.)

? Next steps

Switching to a new password manager and properly configuring a new or existing password manager can be a time-consuming process. There’s a lot more to do here, including some advice about using your password manager day-to-day on mobile and desktop, using your password manager’s best features to properly secure all the online accounts it protects, and removing your passwords and other information from your previous password managers. This can feel overwhelming, so I’ve split this article into two parts and will publish the second one in the coming days.

More soon.