Step-by-Step Instructions
Step 1: Pick a password manager
Three solid choices: Bitwarden (free, open-source), 1Password (premium, best UX), or built-in browser managers (Chrome/Safari/Firefox).
Bitwarden (free or $10/yr)
Open-source, audited. Free tier covers all real needs. Premium adds 2FA storage. ~$10/yr.
1Password ($36/yr individual)
Best UX, best mobile app, family plans. The 'just works' premium pick. ~$36/yr.
Apple Keychain (built-in, Apple only)
Free, integrated. Limited to Apple ecosystem. Acceptable if you're all-Apple.
Step 2: Pick a strong master password
This is the ONE password you must remember. Make it 4-6 random words ('correct horse battery staple' style). Length beats complexity.
Diceware passphrase (4-6 random words)
Roll dice, pick words from a list. Strongest practical password. Use eff.org's diceware list. Free.
Long passphrase you'll remember
Memorable sentence > random characters. 'My dog Cooper turned 7 in March!' is stronger than 'Tr0ub4dor&3'.
Write it on paper, store in safe (acceptable)
Most realistic threat model: forgetting it, not someone breaking into your home safe. Paper backup is fine.
Step 3: Import existing passwords
Browser exports + manager imports work seamlessly. Bitwarden and 1Password both have CSV import. Use your browser's password export feature, then import.
Chrome: chrome://password-manager → export
Export to CSV and import it into your manager. Then delete the CSV from your computer: the export holds every password in plain text.
Safari: System Settings → Passwords → Export
Same idea. Export, import, delete the file.
Import wizards in Bitwarden/1Password
Both have built-in import for every browser and competing manager.
Step 4: Change reused passwords (the security win)
Use your manager's 'breached passwords' or 'reused passwords' tool. Change them to unique generated passwords starting with the most important accounts (email, bank).
Bitwarden Reports / 1Password Watchtower
Both tools scan and show which passwords are reused, weak, or breached. Fix the top of the list first.
Start with email (highest leverage)
Email = password reset for every other account. Make this strong + unique first.
Generate 20+ character passwords
Long random passwords. The manager handles the typing forever after.
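The reuse check from Steps 3 and 4 can also be run by hand on the exported CSV before it is deleted. This is an added example, not code from the original page or from Bitwarden or 1Password; the column names (name, url, username, password), the PRIORITY_HINTS keywords and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample export; the column names are an assumption.
SAMPLE_EXPORT = """name,url,username,password
Mail,https://mail.example.com/login,me@example.com,Summer2019!
Bank,https://bank.example.net/,me,Summer2019!
Forum,https://forum.example.org/,me,Summer2019!
Shop,https://shop.example.com/cart,me@example.com,hunter2
News,https://news.example.org/,me,hunter2
Wiki,https://wiki.example.org/,me,q7#Vd9-unique-Lr2
"""

# Hypothetical hostname hints for the accounts Step 4 says to fix first.
PRIORITY_HINTS = ("mail", "bank")


def find_reused(csv_text):
    """Return lists of hosts that share one password, most urgent first."""
    hosts_by_password = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row.get("password") or ""
        host = urlsplit(row.get("url") or "").hostname or row.get("name") or "?"
        if password:  # skip entries saved without a password
            hosts_by_password[password].add(host)
    # Keep only passwords used on more than one site; drop the password itself.
    reused = [sorted(h) for h in hosts_by_password.values() if len(h) > 1]

    def urgency(hosts):
        critical = any(hint in host for host in hosts for hint in PRIORITY_HINTS)
        return (not critical, -len(hosts), hosts)

    return sorted(reused, key=urgency)


def report(csv_text):
    """Format the groups as text lines; passwords are never included."""
    return [f"{len(hosts)} sites share a password: {', '.join(hosts)}"
            for hosts in find_reused(csv_text)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EXPORT)))
```

The output lists only hostnames, so it can be kept as a to-do list after the CSV itself is deleted.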
Step 5: Install browser extension + mobile app
The manager fills passwords automatically only when installed everywhere. Browser extension, iPhone/Android app, and any desktop apps you use.
Browser extension (Chrome/Safari/Firefox)
Auto-fills login forms. The biggest convenience win.
Mobile app (autofill enabled in settings)
iPhone: Settings → Passwords → AutoFill. Android: built-in.
Step 6: Enable 2FA on critical accounts
Two-factor auth (text code or app code) prevents account takeover even if the password leaks. Enable it on email, bank, and any account with payment info.
Authy or Google Authenticator (free)
App-based 2FA codes. More secure than SMS. Free.
YubiKey hardware key (most secure)
Physical security key. Phish-proof. ~$50.
Backup codes saved offline
Each 2FA site provides backup codes. Print them and store them in a safe place: if you lose your phone, you need these to recover.