Bitwarden Setup Guide: How to Get Started with the Best Free Password Manager
Bitwarden is the gold standard for free, open-source password management. This step-by-step guide walks you through installing Bitwarden, importing your existing passwords, enabling two-factor authentication, and using it effectively across all your devices.
Recommended: We use and recommend Bitwarden — free, open-source, and trusted by millions.
Why Bitwarden Is the Best Free Password Manager in 2026
If you're still reusing passwords or storing them in a browser, you're one data breach away from a serious problem. Bitwarden solves this completely — and unlike LastPass, 1Password, or Dashlane, the core product is genuinely free, fully open source, and independently audited. That means security researchers worldwide can inspect the code, verify the encryption, and hold the developers accountable in ways that closed-source products simply cannot match.
Bitwarden uses AES-256 encryption with PBKDF2-SHA256 key derivation (configurable up to 600,000 iterations). Your master password never leaves your device in readable form. Even Bitwarden's own servers cannot decrypt your vault — this is called zero-knowledge architecture. When NordPass, 1Password, and Bitwarden were independently tested by security firm Cure53 in 2023, Bitwarden received the highest marks for cryptographic implementation.
This guide walks you through every step: installing Bitwarden on all your devices, importing passwords from your browser or old manager, setting up two-factor authentication, and using advanced features most people never discover. By the end, your password security will be stronger than 95% of internet users.
Step 1: Create Your Bitwarden Account
Go to bitwarden.com and click "Get Started Free." Choose a strong master password — this is the only password you'll need to remember from now on. Bitwarden recommends at least 12 characters; we recommend 16+ using a passphrase (four random words like "correct-horse-battery-staple" are easier to remember and harder to crack than "P@ssw0rd123!").
Use our free password generator to create a master password you can actually remember — turn on the "words" mode and generate a 4-5 word passphrase. Write it down on paper and store it somewhere physically secure. If you lose your master password, Bitwarden cannot recover your vault — this is by design and a feature, not a flaw.
When selecting your account email, use your primary email address. Bitwarden will send a verification email — click the link to confirm. Your free account includes unlimited passwords, unlimited devices, and sync across all platforms. The premium tier ($10/year) adds advanced 2FA options, 1GB encrypted file storage, and Bitwarden Authenticator (TOTP) built-in.
Step 2: Install Bitwarden on Every Device
Bitwarden's strength is its cross-platform availability. Install it everywhere so you're never tempted to reuse a password because it's "too much hassle" to look it up.
- Browser Extension: Available for Chrome, Firefox, Safari, Edge, and Brave. Go to your browser's extension store and search "Bitwarden." After installing, pin it to your toolbar and log in. This is what you'll use most — it auto-fills passwords on websites.
- Desktop App: Download from bitwarden.com/download for Windows, macOS, and Linux. The desktop app is useful for generating passwords without a browser and managing vault organization.
- Mobile App: Available on iOS (App Store) and Android (Play Store or direct APK). After installing, go to Settings → Autofill → enable "Auto-fill Service." On iOS, go to Settings → Passwords → Password Options → select Bitwarden.
- Web Vault: Access vault.bitwarden.com from any browser on any device — useful on shared or work computers where you can't install software.
Once installed on all devices, sign in with your email and master password. Your vault syncs automatically — any password saved on your phone appears immediately on your desktop and vice versa.
Step 3: Import Your Existing Passwords
Don't start with an empty vault. Import your existing saved passwords in a few minutes rather than re-entering everything manually. The process varies by source:
From Chrome/Edge/Brave: Open your browser, go to Settings → Passwords → click the three-dot menu → Export passwords. Save the CSV file. In Bitwarden web vault, go to Tools → Import Data → select "Chrome (csv)" from the dropdown → upload the file. Delete the CSV immediately after importing — it contains all your passwords in plain text.
From Firefox: Go to about:logins, click the three-dot menu → Export Logins. Same process in Bitwarden — select "Firefox (csv)."
From LastPass: Log in to LastPass → Account Options → Advanced → Export → LastPass CSV File. In Bitwarden, select "LastPass (csv)."
From 1Password: Open 1Password → File → Export → All Items → 1PUX format. Bitwarden supports 1PUX import directly.
From iCloud Keychain: On iPhone, go to Settings → Passwords → tap the three dots → Export All Passwords. Import into Bitwarden using "Safari (csv)."
After importing, Bitwarden will show you how many items were imported. Review the list and delete any test accounts, outdated logins, or duplicates. This is also a good time to check the Vault Health Reports (premium feature) or manually flag weak and reused passwords for updating.
Step 4: Enable Two-Factor Authentication
Two-factor authentication (2FA) on your Bitwarden account means that even if someone steals your master password, they still can't access your vault without your second factor. This is non-negotiable for a password manager — it protects all your other accounts.
Free 2FA options (available to all accounts):
- Authenticator App (Recommended): Go to Account Settings → Security → Two-step Login → Authenticator App → Manage. Scan the QR code with Google Authenticator, Authy, or any TOTP app. This is the most secure free option.
- Email OTP: Bitwarden sends a 6-digit code to your email. Less secure than an authenticator app but better than nothing.
Premium 2FA options:
- YubiKey / FIDO2: Hardware security keys are the most phishing-resistant option. Insert the key and tap it to authenticate — nothing to type, nothing to intercept.
- Duo Security: Enterprise-grade push notifications for teams.
After enabling 2FA, Bitwarden will show you emergency recovery codes. Save these in a safe physical location — if you lose your 2FA device and don't have recovery codes, you'll be locked out permanently. Store them separately from your master password.
Step 5: Using Bitwarden Day-to-Day
The browser extension is where you'll spend most of your time. Here's how to use it effectively:
Auto-fill: When you visit a login page, click the Bitwarden icon in your toolbar. If a matching entry exists, click it to fill the username and password automatically. You can also right-click on a password field → Bitwarden → Auto-fill. Configure a keyboard shortcut (default: Ctrl+Shift+L / Cmd+Shift+L) for one-keystroke filling.
Saving new passwords: When you log into a site for the first time, Bitwarden will show a banner asking "Do you want to save the login?" Click Save. For sites where this doesn't appear, click the extension icon → + New Item → fill in the details manually.
Generating passwords: When creating a new account, click the password field → right-click → Bitwarden → Generate Password. Set the length (use 20+ characters), include symbols and numbers, and click "Generate." The password is automatically copied to clipboard and saved when you complete registration.
Vault organization: Use Collections (premium) or Folders (free) to organize entries. Common folders: Work, Personal, Finance, Social Media, Shopping. Organized vaults are faster to search and easier to audit.
Step 6: Enable Emergency Access and Sharing
Bitwarden Premium includes Emergency Access — a way to designate a trusted contact who can request access to your vault if you're incapacitated. This is important for family members or business partners who may need access to shared accounts in an emergency.
To set it up: Account Settings → Emergency Access → Add Emergency Contact → enter their email. Choose "View" access (they can see passwords) or "Takeover" access (they can reset your master password). Set a wait time (recommended: 7 days) — if you don't deny the request within that window, they gain access. This prevents malicious requests while ensuring access in genuine emergencies.
For family password sharing, Bitwarden Organizations allows up to two users on a free plan to share an encrypted vault. Families of up to 6 can share for $3.33/month. This is significantly cheaper than alternatives: 1Password Families costs $4.99/month, LastPass Families is $4/month.
Bitwarden vs. Alternatives: Quick Comparison
| Feature | Bitwarden Free | Bitwarden Premium | NordPass | 1Password |
|---|---|---|---|---|
| Price | Free | $10/yr | $1.49/mo | $2.99/mo |
| Unlimited passwords | ✅ | ✅ | ✅ | ✅ |
| Unlimited devices | ✅ | ✅ | ✅ | ✅ |
| Open source | ✅ | ✅ | ❌ | ❌ |
| Hardware 2FA | ❌ | ✅ | ✅ | ✅ |
| Travel mode | ❌ | ❌ | ❌ | ✅ |
| Security audit | Cure53 (2023) | Cure53 (2023) | Cure53 (2023) | ISE (2018) |
Advanced Features Worth Enabling
Vault Timeout: Go to Settings → Vault Timeout. Set it to lock after 15 minutes of inactivity on desktop, and immediately on browser close. This prevents someone with physical access to your computer from accessing your vault.
Clipboard Clearing: After Bitwarden copies a password to your clipboard, enable auto-clear after 30 seconds (Settings → Options → Clear Clipboard). This prevents passwords sitting in clipboard history indefinitely.
Password History: Bitwarden stores the last 5 versions of each password. If a site update breaks a login and you need your previous password, right-click the entry → View → Password History. Invaluable when sites don't confirm password changes clearly.
TOTP Storage (Premium): Premium users can store TOTP secrets alongside login credentials. This means your 6-digit authenticator codes are generated directly in Bitwarden. Convenient, though security purists prefer keeping 2FA codes in a separate app to maintain true two-factor separation.
Send: Bitwarden Send lets you share encrypted text or files with anyone via a link — the recipient doesn't need a Bitwarden account. Useful for sharing a Wi-Fi password or sensitive document securely. Links can be set to expire and require a password.
Recommended Tools
Bitwarden is our top free recommendation, but if you want more polish or family/team features, consider NordPass (zero-knowledge encryption, excellent UI, free tier available) or 1Password for families and teams — it has the best sharing features and a Travel Mode that hides selected vaults at border crossings.
See our full security tools guide for more recommendations on password managers, VPNs, and antivirus software.