Day 8
Why You Need a Password Manager in 2025
Day 8: Why You Need a Password Manager in 2025
So, let’s be real: you’ve probably got way too many logins to remember. Streaming services, shopping sites, random apps you tried once… yeah, same. And using one password for all of them? That’s like locking every door in your house, thinking you’re secure, then handing out copies of the key to strangers.
Today, we’re fixing that by setting you up with a password manager - your new best friend for keeping track of strong, unique passwords without stressing you out. We’re setting up one of the easiest and most powerful security upgrades you can make: a password manager.
What’s up S’mores! I’m Shannon Morse, and welcome back to Day 8 of the 30-Day Security Challenge, where we take back control of your digital privacy one day - and one password - at a time.
If you’re following along, make sure to subscribe so you don’t miss the next video. You can grab the full 30-Day Challenge checklist and notes over at ShannonRMorse.com.
Step 1: Why Password Managers?
The average person has hundreds of online accounts - from streaming apps to shopping sites to banking. If you’re using the same password across multiple sites (or even slight variations of it), a single data breach can expose everything. That’s where password managers come in. They’re like a digital safe that stores all your passwords securely - and they can generate super-strong, unique passwords for every account you have.
And yes, I know what some of you are thinking - “Wait, I’m trusting one app with all my passwords?!”
Totally valid concern. But when used correctly, a password manager is far safer than trying to remember or reuse passwords. You only have to remember one master password, and the app does the rest. That means no more sticky notes on your monitor, no more reusing “P@ssw0rd123,” and no more “Wait, did I use an uppercase J or lowercase j on this site?” or having to ask someone in the house where the password notebook is and oh lord - let’s not even get into how stressful it is when someone loses the password notebook.
So a password manager is two things combined that rarely get combined. It’s convenience and security, all in one place.
Step 2: But Wait, Aren’t Password Managers Risky?
Good question - and yes, you are trusting a company to protect your most sensitive data.
That’s why choosing a reputable password manager matters.
They come in a few flavors:
Cloud-based: Easy to use, syncs across devices (think Bitwarden, 1Password, Dashlane).
Local-only: Stores everything on your own computer, totally offline (like KeePassXC).
If you’re the DIY privacy type, local options are the most secure. But if you want convenience and cross-device syncing, a cloud-based manager might be the best fit.
Step 3: Choose the Right Password Manager
Let’s start by picking one that works best for you.
Here are some of the most trusted options in 2025:
Bitwarden - My top pick for open-source transparency and cross-platform syncing. Offers free and premium tiers, and you can even self-host it.
1Password - Sleek, user-friendly, and packed with modern features like passkey support and travel mode (which hides sensitive accounts when crossing borders).
Proton Pass - From the ProtonMail team. Encrypted, simple, and great for privacy-first users.
Dashlane - A polished, beginner-friendly option that works great across devices, with built-in dark web monitoring.
KeePassXC - Completely offline, open-source, and ultra-secure - perfect if you prefer local control and don’t need cloud sync.
Google Password Manager - Works in Chrome browser and Android devices. Not great for cross platform but is really easy to setup and works seamlessly on mobile.
Apple’s Passwords - Works on Apple devices. Works seamlessly if you only use Apple devices, and has the ability to save passkeys as well as passwords.
And yes, LastPass is still around, but I personally moved away from it long ago, and they also had a breach in 2022. They’ve since patched things up, but it’s worth researching and deciding what you’re comfortable with.
Whichever you pick, make sure it supports:
✅ End-to-end encryption
✅ Zero-knowledge architecture
✅ Multi-device sync (if you prefer a cloud option)
✅ Two-factor authentication (bonus points for hardware key support, and bonus bonus points if it accepts passkeys for login and can save passkeys for authenticating with websites)
Step 4: How to Set One Up
Getting started takes just a few minutes:
Pick your manager. Choose one of the ones I mentioned or grab a different one if you prefer.
Create a strong, unique master password. This unlocks your entire vault - so make it long, complex, and memorable.
Turn on two-factor authentication for your password manager account. If you can, choose a hardware security key with MFA or a passkey to login.
Import or manually add your logins.
Start using the password generator tool to replace old, weak passwords with strong new ones.
And just like that, you’ve upgraded your security.
If you’re finding this video helpful, a subscribe would me a lot to me. Subscribing is a simple and free way to support creators on youtube!
So if you’re following along with the challenge, hit that subscribe button and turn on notifications so you don’t miss tomorrow’s video. You can grab the full checklist and daily recap at ShannonRMorse.com.
BIG Patreon shoutout to to my smores! You can join them and support my channel by going to patreon.com/shannonmorse for perks like early video access and my private discord!
As usual, all the videos on my channel are free to watch, and I thank my youtube members and patrons for making that possible.
Step 5: My Personal Strategy
I’ve been using a password manager for over a decade now, and honestly? I’d never go back.
I currently use one of those above options and I usually look for a manager that supports passkeys, integrates across devices, and still has local encryption options. I also need some kind of family syncing for me and Mr. Snubs and strong options for password generation and autofilling.
But I also keep a few critical passwords - like my email, bank, and social accounts - memorized and separate. That way, if anything ever happened to my vault, my core accounts stay protected. Each of these are completely unique, long, and weird.
I also recommend reviewing your stored passwords occasionally. If you see duplicates or weak ones, update them.
Step 6: Master Password Pro Tips
Your master password is the only one you’ll have to remember - so make it strong and memorable.
Skip short or complex gibberish like J!9X$w@82 and instead go for a passphrase - something long, unique, and personal.
Think: tacos-breathe-moonlight-penguin-party
Random, long, and way harder to crack.
Your master password is the key to your vault, so don’t store it anywhere digital - write it down on paper and stash it in a secure place, like your safe or password notebook.
Step 7: Import and Update Your Accounts
Once your manager is set up, it’s time to start filling it up. If you’ve been saving your passwords in a notebook or via a spreadsheet, you can create new listings in your password manager for all those accounts and save them. If you’re already using an older password manager, see if it has an option to export your vault as that will save tons of time with importing them into your new manager.
Start by logging into your most used accounts. As you log in, let your password manager save each one. If your old passwords are weak or reused, use the “Generate New Password” tool to replace them.
Aim for passwords that are long, including symbols and numbers or phrases. Over the years, the National Institute of Technology has kept updated recommendations publicly available for passwords, and at time of recording, they recommend that passwords be TLDR: prioritize length over complexity, recommend a minimum length of 12-16 characters for passphrases, and discourage mandatory password resets.
And don’t worry - you don’t need to do them all in one sitting. Add a few each day, and within a week or two, your vault will be in great shape.
Step 8: Secure Your Vault
Now that you’ve got a vault full of precious passwords, let’s protect it like Fort Knox.
✅ Turn on two-factor authentication (2FA) for your password manager itself.
✅ If it supports hardware keys (like YubiKey), set those up for even stronger protection.
(Quick plug for my channel sponsor: Yubico. They aren’t sponsoring today’s video but I use their products to secure my accounts. Their YubiKeys are my go-to for securing password managers, email, and cloud accounts … because even if someone steals your password, they can’t log in without your physical key. You can grab one at Yubico.com.)
✅ If your manager offers biometric unlock, this is a convenient and secure option as well.
Step 9: Bonus! Browser Extensions & Mobile Apps
Make your password manager part of your daily workflow. Install the browser extension so it can autofill passwords and generate new ones on the fly. Then, download the mobile app so you can access your vault on the go.
Modern password managers use encrypted syncing - so even if you’re saving passwords between your laptop and phone, they’re never exposed in plain text.
And if your manager offers passkey support (which most do now), go ahead and enable it. Passkeys are the next evolution of authentication - they use cryptographic keys instead of passwords, making phishing attacks virtually impossible.
Step 10: A Few Smart Tips
Never reuse passwords. Ever.
Enable autofill only on sites you trust.
Regularly back up your vault if you’re using an offline manager.
And for the love of privacy - don’t store your master password anywhere digital. Write it down, keep it safe, and memorize it.
Passkeys integration! Many password managers support passkeys directly.
Local-first or hybrid storage models: e.g., Bitwarden and Proton Pass use open-source, end-to-end encrypted storage with self-hosting options.
Data-breach monitoring is sometimes a feature available in managers.
Also, be wary of password-manager phishing clones like fake Chrome extensions or look-alike sites.
🌐 2025 Update: Passkeys, AI, and the Future of Passwords
Let’s talk about what’s new.
AI is creeping into password managers - offering breach alerts, smart password health reports, and even auto-updates for compromised accounts. These can be useful, but make sure the AI runs locally or within encrypted storage, not through cloud analysis.
And that’s it for Day 8!
You now have a tool that keeps your passwords strong, unique, and easy to manage - and your brain officially has one less thing to stress about.
Tomorrow, we’re diving into creating stronger passwords and passphrases.
Make sure you’re subscribed so you don’t miss it, and grab your 30-Day Security Challenge checklist at ShannonRMorse.com.
I’m Shannon Morse, stay smart, stay secure, and I’ll see ya tomorrow, S’mores!