Using A Password Manager: The Best Way To Start

The key is to be methodical and not to get overwhelmed. You don't have to transition all your accounts at once — it's a marathon, not a sprint.

Congratulations on deciding to store your passwords outside of your mind! I’ve helped several people start using a Password Manager, and while for some it was a smooth process, others had difficulty getting on board. Especially when you have a lot of online accounts, the task can seem overwhelming.

The goal is to have all your passwords updated to stronger passwords and saved in the Password Manager. The best approach is to be methodical and go about it in phases instead of switching all at once. Start with updating and saving passwords for your most sensitive accounts, then move to the least sensitive ones.

This method is relatively agnostic to which password storage solution you’ve chosen — the same applies to a paper notebook, your Internet browser’s built-in password manager, or a dedicated Password Manager.

Set Up Your Password Manager

The first step is to set up your Password Manager so it’s ready for use. In this article I assume you’ve already chosen where to store your passwords. If you haven’t yet, I invite you to read this article first: Reusing Passwords Is The Worst, But It’s Easy To Fix.

If you’ve decided on a paper notebook, you can mostly ignore the technical aspects of this article and focus on the method.

How to set up your Internet Browser for saving passwords

If you’ve opted for your Internet browser’s built-in password manager, make sure you have done these few steps:

  1. Install your browser of choice on all the devices you want to access your passwords from: desktop and laptop computers, mobile devices, tablets.
  2. Sign into the browser (create an account first if you haven’t yet) on all of your devices; this allows your passwords to sync across devices.
    • On Chrome, sign into Chrome with your Google account.
    • On Firefox, sign into Firefox with your Firefox account.
    • On Safari, the sign in is automatic through your Apple device itself (MacOS or iOS) via your Apple ID, so there is nothing else to do. Safari stores passwords in “iCloud Keychain” and they sync automatically across your Apple devices.
  3. Set your browser to remember and auto-fill passwords in your settings if it’s not already the case (it is the case by default).
    • On Chrome, activate the option “Offer to save passwords” (screenshot)
    • On Firefox, check the box “Ask to save logins and passwords” and all other boxes below (screenshot). You will be prompted to enter your Primary Password at this stage.
      • Take a minute to choose a strong password (16 characters or more) that is unique (never used by you). Write it down on a post-it for later.
    • On Safari, it automatically offers to save passwords so there is nothing to do.
  4. Set your browser to sync passwords across devices (it should already be the case by default)
  5. On your mobile devices, enable Autofill. This allows your passwords to be available to log into apps even outside of your browser.

Your browser is ready to be used for storing your passwords.

How to set up your Password Manager

If you’ve decided to use a dedicated Password Manager, there are a few things to get ready before you can use it. There are different companies offering Password Managers, but they work very similarly. We will use LastPass as an example here.

Here is a list of steps, and you can watch the videos below for details:

  1. Create an account at LastPass: https://lastpass.com/create-account.php
  2. Choose a master password carefully
    • Minimum 16 characters.
    • Easy to type, as it’s the only password you will need to type regularly.
    • Make sure it’s unique. Do NOT reuse a password you’ve used before.
    • You can use several words adding symbols, e.g. “HORSES are 3500% slower than ROCKETS”
    • Write it down somewhere safe (with pen and paper). At least temporarily, it’s a good idea to read it regularly to imprint it into your memory. When you’re comfortable you know it, you can destroy the paper.
  3. After your account is created, download and install the LastPass browser extension and log into it.
  4. Install the LastPass mobile app on your mobile devices and log into it.
  5. If you’re on iPhone/iPad, you need to allow LastPass to autofill your passwords. See the video below or here for instructions.

You are now ready to start using your Password Manager!

Initial account setup

Sign up and set up (7m36s)

Setup on mobile

Setup on iPhone/iPad (40s)
Setup on Android (5m42s)

Make a List of Your Most Sensitive Accounts

The next step is to make a simple list of your most sensitive online accounts. These are the accounts you want to protect the most because they contain a lot of sensitive personal information, and/or they can easily be used to impersonate you.

Use a simple paper or digital document for this task, however you prefer. It’s partly a personal decision what you consider a “sensitive” account, but for example here is what I would add:

  • Email accounts
  • Financial institutions (banks, investment portfolios, but also Venmo, Paypal, etc.)
  • Service ecosystems such as Google, Apple ID, Microsoft
  • Medical services
  • Government services (IRS, DMV, etc.)
  • Social networks
  • Cell phone provider
  • Big online retailers (Amazon, Walmart, Etsy, etc.)
  • Any other account that’s essential to your activity. For example, if you’re a graphic designer, you may want to add your Adobe account. If you maintain a website you care about, add it to that list. Etc.

Change The Passwords Of Your Sensitive Accounts

This part of the process is the most tedious. Take an hour in your day, put on some background music or a show you like, and get to it.

One by one, you will log into each website on your list and change your password. For each new password, use the Password Manager to generate a random password for you, and save it in your Password Manager.

If you’re using a paper notebook, make sure to create strong passwords for each account. You can use this online tool to generate random passwords for you: LastPass Password Generator

And repeat, repeat, until you’ve gone through the entire list.

Good job! Your sensitive accounts are now out of reach of most hackers. You can relax 🙂

For Less Sensitive Accounts, Go With The Flow

For online accounts you don’t consider sensitive, there is less urgency to change their password. It is still a good idea, but it can be done over time.

Keep your Password Manager active (stay logged in) during your online activities, and it will offer to save the login credentials when you log in to a website. Slowly but surely, you’re building your “password vault”.

Occasionally, go through the list of accounts in your vault, select ~5 accounts that you consider the most sensitive among your less sensitive accounts, and change their passwords to newly generated ones.

Or if you prefer, whenever you log into an account that you know still has a weak/reused password, make it a discipline to go change the password.

Whichever approach you prefer is fine, as long as you actually change your passwords over time. For some accounts, you may also consider deleting them entirely if you don’t need them anymore.

Passwords Update Checklist

Here is a simple checklist that I used with someone I helped; feel free to use it or create your own — you get the idea. I added another column for “Sensitive but less urgent” accounts. She found it useful to distinguish the accounts whose passwords she had to update right away from those she could come back to a little later.

Sensitive And Urgent to Protect | Sensitive But Less Urgent | Less Sensitive

Google Doc template: Passwords Update Checklist (this link will create a copy)
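One way to pre-fill this checklist from a password export, shown as an added example that is not part of the original article: it sorts accounts into the three columns above and lists only those whose password is reused or short. The CSV column layout, the keyword hints per column, the 16-character threshold (borrowed from the master password advice) and the sample rows are all assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Assumed keyword hints for each checklist column; adapt them to your accounts.
TIERS = [
    ("Sensitive And Urgent to Protect",
     ("mail", "bank", "paypal", "venmo", "google", "apple", "microsoft")),
    ("Sensitive But Less Urgent",
     ("amazon", "walmart", "etsy", "facebook", "irs", "dmv")),
]
DEFAULT_TIER = "Less Sensitive"
MIN_LENGTH = 16  # assumed threshold, taken from the article's master password advice

# Constructed sample export; the name,url,username,password layout is an assumption.
SAMPLE_CSV = """name,url,username,password
Gmail,https://mail.google.com,me@example.com,Summer2019!
My Bank,https://bank.example,me,Summer2019!
Etsy,https://www.etsy.com,me@example.com,q7#Lw9vT2m!xR4zKp8
Recipe Forum,https://forum.example,me,hunter2
"""

def tier_for(name, url):
    """Pick the checklist column by keyword match on the entry name and URL."""
    text = f"{name} {url}".lower()
    for tier, hints in TIERS:
        if any(hint in text for hint in hints):
            return tier
    return DEFAULT_TIER

def build_checklist(csv_text):
    """Return {column: [(account, reasons)]} for accounts that need a new password."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    uses = Counter(row["password"] for row in rows)
    checklist = {tier: [] for tier, _ in TIERS}
    checklist[DEFAULT_TIER] = []
    for row in rows:
        reasons = []
        if uses[row["password"]] > 1:
            reasons.append("reused")
        if len(row["password"]) < MIN_LENGTH:
            reasons.append("short")
        if reasons:  # unique, long passwords are already done and stay off the list
            checklist[tier_for(row["name"], row["url"])].append((row["name"], reasons))
    return checklist

if __name__ == "__main__":
    for tier, todo in build_checklist(SAMPLE_CSV).items():
        print(tier)
        for name, reasons in todo:  # the passwords themselves are never printed
            print(f"  [ ] {name} ({', '.join(reasons)})")
```

A password export is a plaintext file, so delete it as soon as the checklist is built.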

A note for mobile-only users

If you access the Internet primarily through mobile devices, using a Password Manager is more complicated for you.

It’s easy to autofill your passwords from your Password Manager on your phone, but it’s not as convenient to create new accounts with new passwords from your phone. I personally avoid doing so because it’s so much more convenient from my desktop computer.

Updating your passwords and saving them as you transition to a Password Manager is frankly boring. But trying to do it on a mobile device is a recipe for headache. Don’t make it harder for yourself: try to find a desktop computer to do this.

Different Methods, Same Result

I shared a method that I personally used and that I’ve seen work with others. If you don’t have many online accounts, you may want to update them all at once. But if you have hundreds like me, or if the thought of updating your passwords and adding them to your Password Manager feels like a chore, I recommend a phased approach.

In the end, if a different method works better for you, go for it. The goal is to reach a place where most/all your passwords are 1) unique and 2) saved in your Password Manager. Only then does it become a system you can trust and rely on.