nullpay.
Back to toolkit
IdentityQuick win15 minall

Password Manager

Risk

The risk

Why this matters

Without a password manager, you're reusing passwords or using weak ones. Credential stuffing attacks exploit exactly this — breached passwords from one site tried everywhere else. A password manager is the highest-leverage privacy tool you can adopt.

Recommended tools

What to use

Bitwarden
BitwardenOSSFree

Open-source, audited password manager. Free tier is generous.

KeePassXC
KeePassXCOSSFree

Offline-first, local-only password manager. Maximum control.

Proton Pass
Proton PassOSSFree

E2E encrypted password manager from the Proton ecosystem. Swiss.

KeePassDX
KeePassDXOSSFree

KeePass-compatible manager for Android. Offline, open-source.

Setup guide

How to set it up

  1. 1

    Choose Bitwarden (cloud sync) or KeePassXC (local only)

  2. 2

    Set a strong master password — long passphrase, not complex gibberish

  3. 3

    Enable 2FA on the password manager itself

  4. 4

    Install browser extension and mobile app

  5. 5

    Start migrating existing passwords — change reused ones first

  6. 6

    Export and encrypt a backup of your vault