Password Managers, Explained
The single biggest security upgrade most people can make – what they do, how to pick one, and how to switch in an afternoon.
Why Reused Passwords Are the Real Danger
When any website leaks, attackers immediately try the leaked email-password combos on email providers, banks and shops. If you reuse passwords, one forum breach from 2019 can open your inbox today. A password manager ends this: every account gets a unique 20-character random password, and you remember exactly one.
How to Choose One
- Zero-knowledge encryption: the company itself cannot read your vault – this is the baseline, and any serious provider documents it.
- Independent security audits published in the last two years.
- Works everywhere you do: phone, laptop, every browser – autofill friction is why people give up.
- Secure sharing if you share streaming or household accounts.
- Breach alerts that warn when a saved password shows up in a leak.
- Price: excellent options exist from free to a few dollars a month; built-in browser managers (Apple, Google) are decent free starting points too.
Switching in One Afternoon
- Pick a manager and create a master passphrase of 4-5 random words – test its strength with our checker.
- Import passwords from your browser (every manager has a one-click import).
- Fix the big four first: email, banking, main social account, main shopping account – generate new unique passwords for each.
- Turn on two-factor authentication for the manager itself and your email.
- Fix remaining accounts lazily, whenever you next log in.