Bitwarden for Beginners

Passwords are often the only thing standing between a hacker and your online accounts. This guide will introduce you to using Bitwarden to create strong, unique passwords. As a bonus, we’ll show how password managers can also help you save time when filling out login screens and online forms. It’s an easy way to make browsing the web easier, faster, and more secure.

Why it’s a good idea to use unique passwords

I don’t think I need to convince anyone that passwords are annoying. It’s hard to remember them, so everyone uses the same password for all of their accounts. You know this, I know this. But hackers also know this.

If you use the same password everywhere, a hacker only needs to get your password once in order to break into many of your online accounts. And it seems like every week, we hear about a massive new password breach. (Think about how we learned that all of Yahoo’s 3 billion accounts were breached.)

Imagine if an attacker used your single, easy-to-remember password to access your health care records, your home address, credit card numbers, or your social security number. To minimize the damage from a breach, you should use unique passwords on each account. But it can be a challenge to remember each password.

Enter password managers

Password managers make it easy to remember a single password, and still have long, unique passwords on all of your accounts. How is this possible? You use just one password to unlock your secure password “vault.” From your vault, you can quickly fill out login forms on all of your devices.

A few password managers are usually recommended by security specialists, including Bitwarden, KeePassXC, and 1Password. I wrote a guide on 1Password for beginners, as well as KeePassXC for beginners. For now I am focusing on Bitwarden, a free and simple password manager recommended by specialists.

Bitwarden

Bitwarden enables you to sync your passwords across all of your devices using the same password vault. It also has browser extensions that allow you to automatically fill out passwords in your browser. It’s easy to use. Bitwarden is free, but for $10 / year, you can unlock some additional features, such as encrypted file backups.

Go to vault.bitwarden.com and press the “Create Account” button. Type in your email address, and name.

Next you’ll create the master password that unlocks your password database. This is the only password that you need to remember. It needs to be a *really* good one, so it’s much more difficult to guess.

Consider using a long password with upper- and lower-cased letters, numbers, and symbols. Alternatively, use a passphrase — a phrase that only you are likely to remember. Unusual passphrases can help to make them more memorable. Take national security whistleblower, Edward Snowden’s example: “Margaret Thatcher is 110% sexy.” It’s long, has upper- and lower-cased letters, numbers, symbols, and spaces. And it’s hard to forget. The more random your passphrase is, the better.

Press “Submit” when you have chosen your password. This will bring you to your password vault, where you can store your passwords.

A screenshot of an empty Bitwarden password vault.
A screenshot of an empty Bitwarden password vault.

But before we do that, take one more step to secure your account: set up two-step login. With two-step login, to log into your account it will require a second piece of information beyond the password, such a temporary code sent to your phone.

Go to “Settings” and navigate to “Two-step login.” From here, you can enable an authentication method, such as an Authenticator app. (If you do not have an Authenticator app already, consider you can get started by downloading Google Authenticator or Authy on your mobile device.)

Screenshot of Bitwarden’s two-step login settings page, including multiple options for authentication tools.
Screenshot of Bitwarden’s two-step login settings page, including multiple options for authentication tools.

For your preferred two-step login method, press “Manage” and follow the instructions.

Be sure to also click “View Recovery Code” This backup code is important — it will help you get back into your account, if you ever lose access to your two-step login device. Write down or print out this code and keep it somewhere that is safe and memorable to you.

Chances are, Bitwarden supports your favorite operating system. On the Bitwarden website, click “Download” (Alternatively download Bitwarden here on your devices.) For mobile devices, you can also search for Bitwarden in the Google Play store or the App Store.

Bitwarden will automatically sync your passwords across each device after you log in.

Once the app is opened, log in by entering your username and master password. (Again, it’s the only way to get into your vault, so don’t forget it!) You can use the same login process on your mobile device.

Bitwarden is a strong standalone application, but it becomes truly powerful once you use browser extensions to automatically fill out forms online. You can use the Bitwarden extension on most major browsers. You can download the Bitwarden extension for your browser here.

Look for the Bitwarden extension’s shield logo. Extensions normally appear to the right of your search bar. (Chrome users may need to click the puzzle piece icon to access it.) When you find it, you will be asked to log in one more time.

Screenshot of the Bitwarden extension, right after it has been installed.
Screenshot of the Bitwarden extension, right after it has been installed.

Try logging into any page you normally visit. A Bitwarden prompt will pop up, and ask if you’d like to save your credentials. Click “Yes, Save Now” to add the new credentials to your Bitwarden vault.

Screenshot of an example webpage, with a Bitwarden prompt offering to save a password after it has been entered.
Screenshot of an example webpage, with a Bitwarden prompt offering to save a password after it has been entered.

Once your browser extensions are installed, you can use keyboard shortcuts to automatically fill out login credentials. You can auto-fill using this keyboard shortcut in your browser.

Windows users: Ctrl + Shift + L
Mac users: Command + Shift + L
Linux users: Ctrl + Shift + L

Alternatively you can click the Bitwarden extension and have it auto-fill passwords for you.

An animation of a user clicking on the Bitwarden extension, selecting the login credentials for an example webpage, and automatically populating the password field to log in.
An animation of a user clicking on the Bitwarden extension, selecting the login credentials for an example webpage, and automatically populating the password field to log in.

But the real benefit of Bitwarden is to allow you to generate long, randomized passwords that you don’t need to remember. Consider changing the passwords on the websites you visit most often, and updating them in Bitwarden. The application will offer to update your login information after you change your password.

To make randomized passwords for a website, open the extension and click “Add a Login” (You can also press the large plus button to add a website manually.) You can customize your randomized password to make it as short or long as you want, or add specific characters.

An animation of clicking the Bitwarden extension, customizing a randomized password, and automatically filling it into an online form during account creation.
An animation of clicking the Bitwarden extension, customizing a randomized password, and automatically filling it into an online form during account creation.

Use the application to randomize your passwords when making new accounts, and change your old passwords to stronger, random passwords when possible.

The main downside of Bitwarden

Once you’ve set up Bitwarden, it can be very annoying to log in without it (e.g., if you want to log in on your friend’s computer). If you know you’re going to frequently use a password on a computer that does not have your Bitwarden information, you may want to commit the password to memory rather than randomizing it.

You’re up to speed with Bitwarden. I hope this has been helpful! If you have any questions, feel free to reach out here, or on Twitter at @mshelton.

Updated March 1, 2021.

Writing about security for journalists, as well as beginners. Principal researcher at @freedomofpress. freedom.press/training

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store