Every few weeks, we hear the news that another major website has been hacked. Often these hacks mean your personal information has also been compromised. Recently, that happened with LastPass, a password management service that we once recommended. In this updated post, we cover the reasons why you should use a password manager to protect your online identity, and how to get started with Bitwarden, a free, open-source password manager.
Passwords & Online Security Best Practices
Most websites rely on a simple login process for a user to gain access to their account — a username and password. As an online security best practice, you need to have a long, complex, and unique password for every web account you use.
Strong passwords need to be:
- Long — The more characters in a password, the longer it would take a hacker to guess your password.
- Complex — By adding more types of characters to your password, you add complexity, or password entropy. Password entropy is a measurement of how unpredictable a password is, based on the character set used (a combination of lowercase, uppercase, numbers, and symbols) as well as password length. Basically, your password needs to be something you could never pronounce.
- Unique — You need a different password for every web account you use. Yep, that’s right. Every login on every website needs to be unique and never reused.
Unfortunately, in the real world, meeting all three criteria for strong passwords is basically impossible without the use of a password manager.
Why Use a Password Manager? The Nightmare Scenario
So why is having a long, complex, unique password important for your website?
If you use the same email address and password for multiple websites that you log into, what happens when one of those websites gets hacked?
In this scenario, your email address and password will be shared by criminals and used to try to log into other websites where you may have an account. If you use the same email address and password for all your websites, hackers could log into all your accounts at once.
Once your password has been compromised, you now have the challenge of updating your information individually on every single website that has the same login information. Do you even remember them all? If you use the same email and password again on each one, you’re probably going to have to repeat this process again in the future.
Don’t Use Common Passwords
Here’s Nordpass’s list of the most common passwords of 2023. Do you recognize any of them?
| 1. password | 11. 1234567 | 21. D1lakiss |
| 2. 123456 | 12. 1234 | 22. 1q2w3e4r5t |
| 3. 123456789 | 13. 1234567890 | 23. 110110jp |
| 4. guest | 14. 000000 | 24. 1111 |
| 5. qwerty | 15. 555555 | 25. 987654321 |
| 6. 12345678 | 16. 666666 | 26. 121212 |
| 7. 111111 | 17. 123321 | 27. Gizli |
| 8. 12345 | 18. 654321 | 28. abc123 |
| 9. col123456 | 19. 7777777 | 29. 112233 |
| 10. 123123 | 20. 123 | 30. azerty |
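The entropy measurement described earlier (character set plus length) can be computed directly, and the list above shows why it is not enough on its own. The following is an added example, not code from Bitwarden or NordPass: it estimates entropy as length × log2(character pool) and also rejects anything on a common-password list. The `COMMON` subset and the 70-bit `min_bits` threshold are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample: a handful of entries copied from the common-password table above.
COMMON = {"password", "123456", "qwerty", "1q2w3e4r5t", "abc123", "azerty"}

# The four character classes named in the entropy definition.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Pool size implied by the character classes present in the password."""
    size = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    # Anything outside the four ASCII classes (spaces, accents) counts once each.
    others = {ch for ch in password if not any(ch in cls for cls in CLASSES)}
    return size + len(others)


def entropy_bits(password):
    """length * log2(pool size): an upper bound that assumes random characters."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def assess(password, min_bits=70):
    """Return (bits, verdict). min_bits is an assumed threshold, not a standard."""
    bits = entropy_bits(password)
    if password.lower() in COMMON:
        return bits, "reject: on the common-password list"
    if bits < min_bits:
        return bits, "weak: too short or too few character types"
    return bits, "ok"


if __name__ == "__main__":
    # Constructed inputs: two from the table, one short, one random-looking.
    for pw in ("123456", "1q2w3e4r5t", "Tr33", "kV7#pQ2!xR9@mT4&"):
        bits, verdict = assess(pw)
        print(f"{pw!r:22} {bits:6.1f} bits  {verdict}")
```

Note that `1q2w3e4r5t` scores about 52 bits by the formula yet sits at number 22 in the table: the formula only holds for randomly chosen characters, which is why a generated password beats a keyboard pattern of the same length.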
Password Managers vs. Browser Password Storage
A Password Manager such as Bitwarden not only remembers your login information — it also helps you generate long, complex passwords and stores them and other information securely.
Bitwarden vs. Other Password Managers
There are several excellent options for Password Managers available:
Ultimately, using any one of these password managers is a good choice, but we recommend Bitwarden because it is free, open source, and offers the most value in its free and paid features.
Getting Started with Bitwarden
In this next section, we’ll cover how to get started with Bitwarden.
1. Create a Free Account
- First, head over to bitwarden.com and click the View Plans & Pricing button in the header.
- Next, select the Personal tab and click the Create Free Account button.
- Then fill out the registration form and walk through the steps to create your account.
2. Create Your Master Password
The most important part of this process is creating your master password. This password is the master key to all the other passwords you add to your account. It’s the only one you need to know, so make it memorable but strong.
Example: Al@b@m@Cr!ms0nT!d3 (No, that’s not my real password!)
All your information is encrypted based on this Master Password. Not even Bitwarden can access your info without it – so don’t lose it!
3. Visit Your Vault
Your vault is where you keep all your most important information secure, including website logins, form fills, and secure notes. Access the vault by clicking the Bitwarden icon in your browser and choosing My Vault.
What you can do with the Bitwarden vault:
- Add sites and secure notes.
- Search and sort logins into folders easily.
- Access your prepopulated auto-form fills.
4. Set Up the Bitwarden Browser Extension
Go here to download Bitwarden software. Then select the items you want — they’re all free. Along with the browser extensions, you may want to get the Bitwarden mobile and desktop apps too.
- Download and install the extension for every browser you use.
- Next, look for the Bitwarden icon appearing in your browser next to the search bar when it’s active.
- Finally, log into Bitwarden through your browser, and it is ready to save new login credentials!
5. Import Existing Passwords
If you’ve been using your browser or another password manager like LastPass to store passwords, you can usually import them into Bitwarden easily.
- Export your existing passwords.
- Click the “Tools” menu item while logged into your Bitwarden account.
- Then click Import data.
- Select the appropriate importer from the dropdown menu and follow the prompts to upload your existing passwords into Bitwarden.
Once you’re no longer using a browser to save and manage your passwords, be sure to turn this feature off in the browser. You’re using Bitwarden for this purpose from now on, and you don’t need your browser to do the same job anymore.
If you’re not sure how to do this, just Google something like How to turn off password saving in Chrome. You can also use your browser’s internal search tool to find these settings.
How to Use Bitwarden to Store and Access Logins and Other Information
Adding Logins to your Bitwarden Vault Automatically
- Whenever you log into a website that is not yet saved in Bitwarden, it will prompt you with a request to add the site to your Bitwarden Vault. Click Add and your login will be saved for future use.
- When you register a new account on a website, Bitwarden recognizes this process and will ask you if you want it to store the new login information in your vault.
Adding Logins, Cards, Identities, and Secure Notes Manually
This is particularly useful for saving credentials for the occasional non-standard login form that isn’t recognized by Bitwarden’s automatic detection system.
- First, add a site manually by clicking +Add Item in your Bitwarden web account or the +Add icon in the My Vault tab in your browser.
- Then select Login as the type of information you want to save and follow the prompts for entering it. You can organize your login credentials in folders if you wish.
Pre-Filling Website Logins
- Once your account credentials for a website are stored in Bitwarden, when you visit that site again, the Bitwarden icon will display a notification bubble in your browser that indicates the number of logins you have there.
- Click the icon and select your login to pre-fill the login form.
How to Automatically Fill a Form
Set Up Auto-Form Filling
- Without opening your Bitwarden browser extension, you can right-click on any kind of form input field on any site to access the Bitwarden > Auto-fill option.
- Then, in the Bitwarden Vault, you can select types of saved information in the left menu: Login, Card, Identity, or Secure note, and set up your information under the appropriate type.
- You will be able to select this saved information when you encounter a form on the web.
Filling Forms Automatically
- Once your information is set up in the Auto-fill settings, Bitwarden will place a form-filling notice below any web form field it can fill.
- Next, click that notification, and your form will be filled with the appropriate information from your vault.
Six Nifty Things You Can Do Once You Set Up Bitwarden
1. Generate a Strong Password
If you ever need to generate a strong password, just go to Tools > Generator in your Bitwarden account or click the Bitwarden icon in your browser and then the password generator icon.
You can define the password length and the kinds of characters that are allowed.
2. Test Your Password Strength
Try Bitwarden’s Password Strength Testing Tool to evaluate any password before you use it. For premium account users, Bitwarden will check the “health” of all the passwords stored in your vault. Their Data Breach report is also free for everyone and will tell you if any of your information has been stolen on the web.
3. Start Using Secure Notes
Secure notes allow you to save information other than website logins securely in your Bitwarden Vault.
- You can store driver’s license info, passport numbers, and other vital information as a note and also upload attachments like photos for each one.
- Since secure notes are accessible on a mobile device as well, this is an excellent way to make your most important information available to you anywhere — securely.
- To set up a note, open your Vault and click Secure notes in the left menu. Add as many as you like!
4. Set Up Sharing
You can share some or all of your saved logins with other users by setting up an Organization and adding (or inviting) other users to join it as Members. To add more than one Member you will need to pay for a higher-tier premium account.
5. Set Up Emergency Access
What happens to all your online accounts if you get hit by a bus? By giving trusted friends or family emergency access to your Bitwarden account, you can allow them to access your account after a pre-defined wait time. This is also a premium feature.
- In your Bitwarden account, go to Settings > Emergency Access in the left menu.
- Next, click the +Add emergency contact button and follow the directions.
6. Set Up Two-Factor Authentication for Your Master Password
As an added measure to a strong Master Password, you should really set up two-factor authentication by using Bitwarden’s own authenticator or one of several other industry-standard two-factor authentication options.
- To set up two-factor authentication, access your Account Settings, then choose the Security option on the left, and then the Two-step login tab.
- Finally, select your preferred provider(s) and set them up.
Bitwarden Free vs. Premium
As you can see, Bitwarden’s free account has everything you need to securely store and autofill passwords on all your devices, which is where it differs from LastPass. LastPass doesn’t offer multi-device support for free.
Like LastPass and other password managers, Bitwarden does require a paid, premium account to share your passwords and other vault data with more than one person. These come in all kinds of Personal/Non-Business tiers starting at just a few dollars a month. Business plans cost more, as they should: you are paying for security and peace of mind around a critical, potentially show-stopping, business function.
I personally like how Bitwarden makes user access control simple and prominent in its interface. It feels a lot like Dropbox. And when you know you are paying for the users you trust to share your accounts with, you are much more likely to take on the necessary duty of care and manage those users carefully.
If Passwordless Login is the Future, Are Password Managers Doomed?
We’ve written elsewhere about passkeys replacing passwords to make digital accounts far more secure and simple to access — without any passwords. Passkeys are a brilliant new feature of iThemes Security Pro, which brings them to WordPress sites and their user authentication process. It’s inevitable that more and more people will use things like MacOS’s Keyring with passkeys on devices with a biometric login feature, like all new Apple devices. We’ll use passkeys to log into WordPress sites, our bank accounts, and everything — including our password managers like Bitwarden.
There’s going to be a need to securely store and share passwords and other information — including passkeys — for a long time to come. Lower security sites may not adopt passkeys quickly, but they’re certain to become the standard that replaces passwords. Sharing passkeys across different platforms will require a secure way to manage who has access to what and for how long. We probably will — and surely should — become more focused on access management in the future than we have in the era of passwords. We’ll be able to focus on the who, not the what — the person not a random sequence of characters. Those things, “passwords,” will be gone — and good riddance.
Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.