Getting started with a password manager


Introduction

A password manager is a type of software you can use to generate, store, and autofill strong passwords, along with other frequently used information, such as credit card numbers. With the help of a password manager, you only need to remember one master password to access your encrypted virtual vault.

Recommended password managers 

Proton Pass

Proton Pass is an end-to-end encrypted, open-source password manager. Proton team members can't see your vault data, including data like URLs, or your master password.

Proton offers a fully-usable free version of Proton Pass.

Bitwarden

Bitwarden is open source, end-to-end encrypted and zero-knowledge encrypted. Bitwarden team members can't see your vault data, including data like URLs, or your master password.

Bitwarden offers a fully-usable free version of Bitwarden Password Manager.

Recommendations and best practices with password managers

You will have one master password for the password manager. It is of utmost importance that you take good care of this password. When creating the master password, it should be:

Protect your account with MFA/2FA!

Two-factor authentication (2FA) provides a valuable additional layer of security for your account. One of the most common and secure ways to achieve 2FA is using an authenticator app on your smartphone.

A less common but very secure 2FA method is a hardware key such as a YubiKey.

You can also use biometric authentication, such as fingerprint or face recognition.

Download and store recovery codes in a safe place!

When you first set up 2FA for your password manager, it should provide several one-time-use recovery codes. Save these codes in a secure place and do not lose them.

If you lose your device, you can enter one of these codes instead of the 6-digit code usually provided by an authenticator app.

If you have a hardware key, it is recommended to have a backup hardware key linked to the account in case you lose the primary key.

Disable and don't use browser built-in password managers!

Many browsers, such as Chrome or any Chromium-based browser (Edge, Opera, and Brave), Firefox, Safari, Vivaldi, Tor and DuckDuckGo, offer to save passwords to their built-in password managers. However, these are usually built with ease of use prioritized over security, leaving your passwords vulnerable if an attacker manages to breach your device. Many infostealer malware families look first for any passwords stored in browser built-in password managers. Here are instructions on how to disable built-in password managers.

You should make your password manager (Proton, Bitwarden, or whichever you use) the default password manager in your browser.
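
To confirm that the built-in password manager really is switched off, the following added example (not part of the original guide) reads the text of a browser profile's settings file and reports whether password saving is still enabled. It assumes the Firefox preference signon.rememberSignons in prefs.js and the Chromium preference credentials_enable_service in the profile's Preferences file, both of which count as enabled when absent; the profile names and contents are constructed samples.

```python
import json
import re

# Matches lines such as: user_pref("signon.rememberSignons", false);
_FIREFOX_PREF = re.compile(
    r'^\s*user_pref\("signon\.rememberSignons",\s*(true|false)\s*\);', re.M)


def firefox_saves_passwords(prefs_js: str) -> bool:
    """True if Firefox's built-in manager still offers to save logins.

    The pref defaults to true, so a profile with no explicit line is enabled.
    If the line appears more than once, the last occurrence is used.
    """
    values = _FIREFOX_PREF.findall(prefs_js)
    return values[-1] == "true" if values else True


def chromium_saves_passwords(preferences_json: str) -> bool:
    """True if a Chromium profile still offers to save passwords.

    Assumption: 'credentials_enable_service' is a top-level key that is
    absent (meaning enabled) until the setting is changed.
    """
    prefs = json.loads(preferences_json)
    return bool(prefs.get("credentials_enable_service", True))


def audit(profiles: dict) -> list:
    """Return the names of profiles whose built-in manager is still enabled."""
    checks = {"firefox": firefox_saves_passwords,
              "chromium": chromium_saves_passwords}
    return sorted(name for name, (kind, text) in profiles.items()
                  if checks[kind](text))


# Constructed sample profile contents, not taken from a real machine.
SAMPLE_PROFILES = {
    "firefox-default": ("firefox", 'user_pref("browser.startup.page", 3);\n'),
    "firefox-hardened": ("firefox",
                         'user_pref("signon.rememberSignons", false);\n'),
    "chrome-default": ("chromium", '{"profile": {"name": "Person 1"}}'),
    "chromium-hardened": ("chromium", '{"credentials_enable_service": false}'),
}

if __name__ == "__main__":
    for name in audit(SAMPLE_PROFILES):
        print(f"built-in password saving still enabled: {name}")
```

Disabling the setting stops new passwords from being saved; logins the browser stored earlier remain in the profile until they are deleted.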