Set up a password manager

Tools · about 15 min · Everyone — the safety net behind every other account

A password manager remembers a unique strong password for every account so you don’t have to — and it’s the safest place to store your MFA recovery codes.

FFC commonly uses LastPass; Bitwarden is an excellent free alternative. Either is fine — pick one and use it for everything.

One strong master password, everything else generated

You memorize exactly one password — the manager’s master password. It then generates and stores a different strong password for every site. Make the master password long and memorable, turn on MFA for the manager itself, and never reuse it anywhere.

  1. 1

    Create your account

    Install LastPass or Bitwarden (browser extension + phone app) and create an account. Choose a strong, memorable master password — if you forget it, no one (not even support) can recover your vault.

  2. 2

    Turn on MFA for the manager itself

    Your password manager is the keys to everything, so secure it with an authenticator app too (see the MFA guide).

  3. 3

    Let it save and generate passwords

    As you sign in to sites, let the manager save the password. When creating new accounts, use its generate password button for a strong unique one.

  4. 4

    Store your MFA recovery codes here

    Create a secure note in the vault for each account’s recovery codes (from the MFA setup). This is what saves you when you lose or replace your phone.

    Passwords + recovery codes in one secured, backed-up vault = you can recover any account from any device.

Next setup guides

Multi-factor authenticationGitHub account

Stuck on any step? Text Clarke Moyer at (520) 222-8104 — every step is meant to be simple, so if something doesn't match what you see, ask.