The Bitwarden Blog
A better password workflow with Bitwarden
So, you've finally decided to take the plunge and work with a password manager. If this is your first time with such a tool, congratulations on choosing to work with stronger, safer passwords. Since you're new to this realm, I thought it would be a good idea to help you understand how the optimal password manager workflow functions. Not only is it easier than you think, but it also requires an approach that some might consider a bit "reverse" to the norm.
Let me explain.
Even though you are coming at the password manager fresh out of the gate, that doesn't mean you have a blank slate with passwords. In fact, you probably already have a lot of passwords to deal with (which might be the reason that brought you here in the first place).
Problem is, those passwords you already have are probably weak. You have them all memorized and you might even reuse the same password over and over and over and over (which is never a good idea).
What this means is that you might be coming at your new password manager with the idea of adding all those old (insecure) passwords to your vault and continuing on.
That's not the best approach.
Consider this: You go to create a new account in Bitwarden. Say it's for your bank. You already have your account username and password, so you create a new entry, add your credentials, save it and move on.
Ask yourself this: Is that password for your bank really strong or is it easily memorized (ergo, easy to crack)? If you’re like most people, it probably falls on the side of easier to memorize and easier to crack.
The ideal workflow for a password manager goes something like this:
1. You need to create a new account for a website, service, or app.
2. Before you do so, you open Bitwarden and create a new entry in your vault.
3. In the new entry, you add the username you plan on using for the account.
4. Next, you use the random password generator to create a strong password for the account.
5. Save the entry.
6. Go to the website, service, or app and enter your username and then copy/paste the newly-generated random password created by Bitwarden into the password field for the new account.
What you've done is ensure that, right out of the gate, you're using a very strong password for your new account. Do this every time you need to create new credentials for a website and you can be sure that login will be far more challenging to hack than if you had used one of your own (easily memorized and hackable) passwords.
But what if you've already created your account and you're only now adding it to Bitwarden? Here's what you do:
1. Create the entry for the website, service, or app in Bitwarden.
2. In the Notes section, add your original password in the entry (in case you forget it).
3. Use the random password generator to create a strong and unique password.
4. Save the entry.
5. Log into your account using the old password.
6. Change the password in your account to the new stronger entry (created by the Bitwarden random password generator).
7. Once you verify you can log in with the new password, delete the old password from the Notes field.
And there you go, a Bitwarden workflow that ensures you're using the strongest passwords for your accounts (be they old or new) that won't have you confused or going back to your old, non-password-manager ways.
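To check that the migration steps above were actually finished, here is an added example (not from the original post or from Bitwarden): a Python check over an unencrypted JSON vault export that flags short or reused passwords and old passwords still sitting in Notes. The sample data, the field layout it reads, the 14-character threshold and the finding labels are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample, laid out like an unencrypted JSON vault export
# (assumed layout: "items" list, type 1 = login). All values are made up.
SAMPLE_EXPORT = json.dumps({"items": [
    {"type": 1, "name": "Bank", "notes": "old: summer2019",
     "login": {"username": "pat", "password": "q7#Vd2!mZr9xLw4&Tb"}},
    {"type": 1, "name": "Forum", "notes": None,
     "login": {"username": "pat", "password": "summer2019"}},
    {"type": 1, "name": "Shop", "notes": None,
     "login": {"username": "pat@example.com", "password": "summer2019"}},
    {"type": 2, "name": "Wifi note", "notes": "router in hallway"},
]})

MIN_LENGTH = 14  # assumed threshold, not a Bitwarden setting


def audit(export_json, min_length=MIN_LENGTH):
    """Return {entry name: sorted findings} for the login items."""
    logins = [i for i in json.loads(export_json).get("items", [])
              if i.get("type") == 1 and i.get("login")]
    # Map each password to the entries that use it, to spot reuse.
    by_password = defaultdict(list)
    for item in logins:
        pw = item["login"].get("password") or ""
        if pw:
            by_password[pw].append(item["name"])
    findings = defaultdict(set)
    for item in logins:
        name = item["name"]
        pw = item["login"].get("password") or ""
        notes = (item.get("notes") or "").strip()
        if len(pw) < min_length:
            findings[name].add("short")
        if len(by_password.get(pw, [])) > 1:
            findings[name].add("reused")
        if notes:
            # The old password parked in Notes should be deleted once the
            # new login is verified, so any leftover note gets reviewed.
            findings[name].add("notes-not-empty")
            if any(live in notes for live in by_password):
                findings[name].add("notes-hold-live-password")
    return {n: sorted(f) for n, f in findings.items()}


if __name__ == "__main__":
    for entry, issues in audit(SAMPLE_EXPORT).items():
        print(f"{entry}: {', '.join(issues)}")
```

An unencrypted export contains every password in plain text, so run the check on a trusted machine and delete the file afterwards.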
Jack Wallen is an award-winning author and avid supporter of open source technologies. He has covered open source, Linux, security, and more for publications including TechRepublic, CNET, ZDNet, The New Stack, Tech Target and many others since the 1990s in addition to writing over 50 novels.