How to Set Up a Password Manager (Step by Step)

Adopting a password manager converts your weakest security habit, reused passwords, into one of your strongest. If you are still deciding which to use, our guide to the best password managers covers the options; this guide assumes you have chosen one and walks through the setup, step by step.

Step 1: Create your account and master password

Install the manager and create your account. The only password you now need to remember is the master password, so make it strong and memorable. The best approach is a passphrase of four or five random, unrelated words, which is both easier to recall and harder to crack than a short string of symbols. Do not reuse a password you have used anywhere else. Until it is firmly in memory, write it on paper and keep it somewhere safe, then destroy the note once you know it.
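To put numbers on the passphrase advice in Step 1, the following is an added example, not part of the original guide. It generates a passphrase with a cryptographically secure random source and computes its entropy. The 7776-word list size, the 8-character comparison string, and the 32-word sample list are assumptions made for illustration.

```python
import math
import secrets

# Constructed 32-word sample so the block runs offline. Assumption: real use
# loads a large published list (e.g. 7776 words); 32 words is far too few.
SAMPLE_WORDS = (
    "anchor basket candle dragon ember falcon garden harbor island jacket "
    "kettle lantern marble needle orchid pepper quartz ribbon saddle timber "
    "umbrella velvet walnut yonder zipper badger cactus dolphin engine "
    "feather glacier hammock"
).split()


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy in bits of `picks` independent uniform draws from `choices` options."""
    if choices < 2 or picks < 1:
        raise ValueError("need at least 2 choices and 1 pick")
    return picks * math.log2(choices)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, count: int = 5, sep: str = " ") -> str:
    """Pick `count` words with the OS CSPRNG; the `random` module is predictable."""
    unique = sorted(set(words))  # duplicates would bias the draw
    if len(unique) < 2:
        raise ValueError("word list too small")
    return sep.join(secrets.choice(unique) for _ in range(count))


def comparison() -> dict:
    """Entropy figures; only valid when every word or character is chosen at random."""
    return {
        "4 words, 7776-word list": round(entropy_bits(7776, 4), 1),
        "5 words, 7776-word list": round(entropy_bits(7776, 5), 1),
        "8 random printable ASCII characters": round(entropy_bits(94, 8), 1),
    }


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    for label, bits in comparison().items():
        print(f"{bits:5.1f} bits  {label}")
```

The figures apply only when the words are drawn at random; a phrase you think up yourself, such as a quote or lyric, has far less entropy than the word count suggests.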

Step 2: Secure the manager itself

Your vault now protects everything, so protect the vault. Turn on two-factor authentication for the password manager in its security settings, ideally using an authenticator app or a hardware security key rather than text messages. If the manager provides a recovery code or emergency kit, save it somewhere safe and offline. This is the one account where it is worth taking a few extra minutes.

Step 3: Import what you already have

Most of us already have passwords saved in a browser. Every good manager can import them in a couple of clicks, which gives you an instant starting vault. Once the import is complete, go into your browser settings, turn off its built-in password saving, and delete the passwords stored there, so there is one source of truth and nothing left behind in a less protected place.

Step 4: Fix your most important passwords first

Do not try to update every account in one sitting. Start with the accounts that matter most: your primary email, your bank, and anything tied to money or identity. For each, log in, use the manager to generate a new long random password, and save it. These few accounts deliver most of the protection, so doing them first means you are meaningfully safer within the first hour.

Step 5: Let it work as you go

From here, the job finishes itself. Each time you log in to a site over the following weeks, let the manager offer to save the login, and when prompted, replace any weak or reused password with a generated one. Most managers include a health or watchtower feature that lists your weak, reused, and breached passwords; work down that list in spare moments. Within a month, with no painful marathon session, your accounts are individually protected.

Step 6: Install it everywhere

Finally, add the manager to every device and browser you use, so your passwords are filled in automatically wherever you are. This convenience is what makes the habit stick: when the secure option is also the easy option, you never drift back to reusing passwords. Test how strong your new generated passwords are, if you like, with our browser-based password strength checker.
