Here’s the uncomfortable math: the average person has 100+ accounts and a human memory that holds maybe five good passwords. The gap gets filled with reuse — and reuse, not hacking-movie wizardry, is how real accounts get taken. One breached site leaks your email+password combo; bots try it everywhere; whatever else shares that password falls. A password manager exists to break exactly that chain.
What it actually does
A password manager is an encrypted vault that generates a long, random, unique password for every site, remembers them all, and fills them automatically. You memorize one strong master password; it handles the other hundred. Crucially, autofill also quietly protects against phishing — the manager fills credentials only on the real domain, so a perfect fake login page gets conspicuous silence.
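The domain check behind that silence, as an added example (not taken from any particular manager's code). It assumes a strict exact-origin match over HTTPS; real products may match more loosely, for instance on the registrable domain. All hostnames and the names `originOf` and `shouldAutofill` are constructed for illustration.

```javascript
// Added example: an origin check a password manager could apply before autofill.
// Hostnames are constructed; example.com and .test are reserved for documentation.

// Return the normalized origin (scheme + host + port), or null if unparsable.
// The URL parser lowercases the host, drops default ports and converts
// internationalized names to punycode, so visual lookalikes compare unequal.
function originOf(url) {
  try {
    return new URL(url).origin;
  } catch {
    return null;
  }
}

// Fill only when the page is served over HTTPS and its origin equals the
// origin the credential was saved for.
function shouldAutofill(savedUrl, pageUrl) {
  const saved = originOf(savedUrl);
  const page = originOf(pageUrl);
  if (!saved || !page) return false;
  if (!page.startsWith("https://")) return false;
  return saved === page;
}

const SAVED = "https://accounts.example.com/login";
const pages = [
  "https://accounts.example.com/signin?next=/",   // the real site, other path
  "https://ACCOUNTS.EXAMPLE.COM:443/login",       // same origin, spelled differently
  "https://accounts.example.com.evil.test/login", // real name used as a subdomain prefix
  "https://accounts.example.com@evil.test/login", // real name in the userinfo part
  "https://accounts.examp1e.com/login",           // digit 1 in place of the letter l
  "https://accounts.ex\u0430mple.com/login",      // Cyrillic "a" homograph
  "http://accounts.example.com/login",            // plaintext downgrade
];

// One boolean per page: true means the manager would offer to fill.
function decisions() {
  return pages.map((p) => shouldAutofill(SAVED, p));
}

decisions().forEach((ok, i) => {
  console.log(ok ? "fill  " : "silent", pages[i]);
});
```

Only the first two pages get a fill. The other five look right to a person but resolve to a different origin, which is exactly the comparison a human skips and the manager does not.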
“But isn’t one vault a single point of failure?”
It's a fair question. The answer: the vault is encrypted with your master password, which reputable managers never store, so even a breach of the company yields attackers only ciphertext (this has been tested in practice, with mixed-but-instructive results across vendors). Protect the vault with a strong master passphrase and two-factor authentication, and the practical risk sits far below the certain, ongoing risk of reused passwords. Perfect is not on the menu; dramatically better is.
Your three real options
The built-ins (Google Password Manager, Apple Passwords). Free, already on your devices, vastly better than nothing, and Apple’s now stands alone as a proper app. Limitation: friction across ecosystems — Apple’s manager on Windows/Android is workable but clunky, and vice versa. If your whole life is one ecosystem, the built-in is a legitimate answer.
Dedicated managers (1Password, Bitwarden, and peers). Cross-platform everything, better sharing for families and teams, breach monitoring, and richer storage (cards, documents, 2FA codes). Bitwarden’s free tier is the standout budget answer; 1Password is the polish pick at a few dollars monthly. This is the right answer for most people reading this.
Passkeys, increasingly. The passwordless login standard is spreading fast, and every manager above stores passkeys too. You don’t choose between them — the manager is where both passwords and passkeys live.
Migration without misery
Don’t attempt a weekend of changing 100 passwords; you’ll quit at eleven. Instead: install the manager and its browser extension and phone app; import what your browser already saved; then upgrade passwords opportunistically: each time you log into something, let the manager replace the password with a generated one. On day one, prioritize the four that matter most: email (the master key to every reset), banking, your Apple/Google account, and your main social accounts. Within a month, coverage happens on its own.
The two rules that make it work
Make the master password a long passphrase (four-plus random words beat every clever substitution scheme) and never reuse it anywhere. Then turn on two-factor for the vault itself. From that point on, your security posture improves with literally every login, which makes this the rare security tool that gets easier the longer you use it.
