Step-by-step setup for 1Password and Bitwarden: vault organization, master passphrase, browser extensions, team sharing, and migrating saved passwords.
How to Set Up a Password Manager for Your Business (1Password or Bitwarden)
TL;DR: Using a password manager protects your business from credential stuffing attacks, eliminates password reuse, and allows secure credential sharing with your team. This tutorial covers both 1Password ($4/month/user) and Bitwarden (free or $3/month/user): account setup, vault organization (Personal, Business, Shared), creating a strong master passphrase, installing the browser extension, generating unique 16+ character passwords for all accounts, migrating from browser-saved passwords, and setting up team sharing.
You are sharing passwords in a Slack DM. Or a Google Doc. Or a text message.
I see this with almost every small business I work with. Contractors get a list of logins in an email. The team shares one Gmail password that has not changed since 2021. The company Stripe account is accessed with the same password as the owner's Netflix account.
This is not a hypothetical risk. Credential stuffing -- where attackers take username/password combinations leaked from one breach and test them across hundreds of other sites -- is the most common form of account takeover. Your email provider got breached in 2023 (statistically speaking, they did). If that password is the same one protecting your PayPal, your ad accounts, and your email platform, you are one automated script away from losing everything.
A password manager solves this problem completely. It generates unique, 16+ character passwords for every account, stores them securely, and fills them in automatically. You only need to remember one password: your master passphrase.
This tutorial gets you set up in under an hour.
Why Password Managers Matter: The Numbers
Before we get into setup, a brief case for why this matters for your specific situation:
- 81% of data breaches involve stolen or weak credentials (Verizon Data Breach Investigations Report)
- Credential stuffing attacks attempt billions of logins per day using lists of leaked username/password pairs
- The average person reuses passwords across 14 sites -- meaning one breach exposes 14 accounts
- A 16-character unique password generated by a password manager is effectively impossible to crack via brute force
- Account takeover of your ad account is particularly devastating: attackers run fraudulent ads to your audience and credit card until your account is suspended or drained
For business owners managing ClickFunnels, Stripe, Meta Ads, email platforms, hosting accounts, domain registrars, and a dozen SaaS tools, the number of high-value accounts you need to protect is significant. A password manager is not optional at this point -- it is foundational infrastructure.
1Password vs. Bitwarden: Which One Is Right for You?
Both are excellent. The choice comes down to budget and priorities.
1Password
Price: $2.99/month (personal) or $4.99/month/user (Teams)
Best for: Teams that prioritize polish, excellent support, and seamless browser integration
Standout features:
- Travel Mode (temporarily hide sensitive vaults when crossing borders)
- Watchtower (alerts you when a site you use has been breached)
- Excellent browser extension for Mac/iOS/Chrome
- Business plan includes admin controls, activity logs, and SSO integration
Limitations:
- No free tier (14-day trial only)
- Slightly higher cost than Bitwarden
Bitwarden
Price: Free (personal, unlimited devices) or $3/month/user (Teams)
Best for: Solo operators, cost-conscious businesses, and anyone who wants open-source transparency
Standout features:
- Completely free for personal use with unlimited passwords and devices
- Open source -- the code is publicly audited
- Self-hosting option for organizations with strict data requirements
- Organizations plan at $3/user/month for team sharing and admin controls
Limitations:
- UI is slightly less polished than 1Password
- Team administration features are less mature than 1Password's
Bottom line:
- Solo operator on a budget: Bitwarden free
- Small team that wants the best experience: 1Password Teams
- Mid-size team or enterprise: Either, with 1Password having an edge on admin controls
The rest of this tutorial covers both tools. Follow the section for whichever you choose -- the vault organization and passphrase principles apply equally to both.
Part 1: Setting Up 1Password
Step 1: Create Your Account
- Go to 1password.com and click "Try free for 14 days"
- Enter your email address and create your account
- Critical step: Download your Emergency Kit PDF immediately when prompted. This contains your Secret Key -- a unique 34-character string that is required to sign in to 1Password on a new device. Store this PDF in a secure physical location (a locked filing cabinet or fireproof safe). Do not store it only in the cloud.
- Create your Master Password. See the Master Passphrase section below for guidance.
Step 2: Download the Desktop App
- Download the 1Password app from 1password.com/downloads for your operating system (Mac, Windows, Linux, iOS, Android)
- Sign in with your email, Secret Key, and Master Password
- The desktop app is your primary management interface
Step 3: Install the Browser Extension
- In the 1Password app, go to Settings > Browser and click "Install Browser Extension"
- Alternatively, search for "1Password" in the Chrome Web Store, Firefox Add-ons, or Safari Extensions
- Click the 1Password icon in your browser toolbar and sign in
- The extension fills in passwords automatically when you visit a site where you have saved credentials
Step 4: Organize Your Vaults
1Password uses "Vaults" to organize credentials. Create three vaults:
Personal Vault (default, already exists):
Use for personal accounts -- personal email, personal banking, streaming services, personal social media. Do not mix business and personal credentials.
Business Vault:
Use for all business-critical accounts -- your domain registrar, hosting, email platform, ClickFunnels, Stripe, Meta Business Manager, Google Workspace admin, accounting software. These are the accounts that must never be compromised.
Shared Vault (for team access):
Use for credentials your team needs -- shared social media accounts, tools your VA accesses, client project management tools. Only add people to this vault who genuinely need access.
To create a new vault: In the 1Password app, click the + button next to "Vaults" in the left sidebar. Name it, and choose who has access.
Part 2: Setting Up Bitwarden
Step 1: Create Your Account
- Go to bitwarden.com and click "Create Account"
- Enter your email, name, and create your Master Password (see the Master Passphrase section below)
- Bitwarden does not use a separate Secret Key -- your Master Password is the only credential, which makes it simpler but means your passphrase must be very strong
Step 2: Download the Desktop App
- Go to bitwarden.com/download and download the desktop app for your operating system
- Sign in with your email and Master Password
- The desktop app provides full vault management
Step 3: Install the Browser Extension
- Go to the Bitwarden website and click "Browser Extension" under the download section, or search for "Bitwarden" in the Chrome Web Store
- Click the Bitwarden icon in your browser toolbar and log in
- Enable "Auto-fill on page load" in extension settings for the best experience: click the extension icon > Settings > Options > Enable auto-fill on page load
Step 4: Organize Your Collections
Bitwarden uses "Collections" (on paid plans) or folders (on free plans) to organize credentials.
Free plan folder structure:
- Business - Critical: Domain, hosting, payment processor, email platform
- Business - Marketing: Ad accounts, analytics, social media
- Business - Operations: CRM, scheduling, project management
- Personal: Personal accounts, separated from business
Paid Organizations plan (for teams):
Collections work similarly to 1Password vaults -- you can share a specific collection with specific team members. Set up collections for different access levels (admin-only, team-shared, contractor-accessible).
To create a folder: In the web vault (vault.bitwarden.com), click Folders in the left sidebar and then the + icon.
Part 3: Creating Your Master Passphrase
This is the most important decision in this entire setup. Your master passphrase protects everything else. If it is weak, the rest of the effort is pointless.
What Makes a Strong Master Passphrase
DO NOT use:
- A single dictionary word
- Your pet's name, child's name, or birthday in any combination
- A password you use anywhere else
- A simple pattern like "Password1!" or "Summer2026!"
- Anything under 16 characters
DO use:
- A passphrase (multiple random words strung together) rather than a password (a string of characters)
- Minimum 16 characters -- aim for 24+
- A mix of unrelated words with separators
The Diceware Method
The most reliable way to create a strong, memorable passphrase is the Diceware method:
- Get a physical die (or use an online random number generator)
- Roll the die five times to get a 5-digit number
- Look up the number in the Diceware word list (freely available at diceware.com)
- Repeat 5-6 times to get 5-6 random words
- String them together with separators
Example result: `correct-horse-battery-staple-lunar-cave`
This is a 35-character passphrase that is cryptographically random, memorable in a way that pure character strings are not, and effectively impossible to brute-force.
Alternatively, use the passphrase generator built into 1Password: when creating a new password, select "Memorable Password" or "Passphrase" from the generator options and set it to 5+ words.
Write Your Master Passphrase Down (Yes, Really)
Write your master passphrase on a physical piece of paper and store it in a secure location -- a fireproof safe, a safe deposit box, or a locked filing cabinet. Do not store it only digitally. If you forget your master passphrase and cannot recover it, your vault is permanently inaccessible.
Memorize it within the first week. Once memorized, you can destroy the written copy if you prefer.
Part 4: Generating Strong Passwords for All Your Accounts
With your manager set up, go through every business account and replace existing passwords with generated ones.
How to Generate a Password in 1Password
- Click the + button to add a new item
- Select the item type (Login, for most accounts)
- Click the Password field
- Click the password generator icon (looks like a circular arrow)
- Set it to: 16+ characters, with numbers, letters, and symbols
- Click "Fill" to use the generated password
- Go to the site, update your password to this generated one, and save the entry
How to Generate a Password in Bitwarden
- Click the + button to add a new item
- Click the Password field
- Click the generator icon at the end of the password field
- Set length to 16+ characters, enable numbers and special characters
- Click "Select" to use the password
- Go to the site, update your password, and save
Priority Order for Password Updates
Start with the accounts that would cause the most damage if compromised:
Week 1 -- Critical accounts:
- Primary business email (Google Workspace or your domain email)
- Domain registrar (where your domain name is registered)
- Web hosting or funnel platform (ClickFunnels, WordPress host)
- Payment processor (Stripe, PayPal)
- Business banking login
- Meta Business Manager (controls your ad account)
- Google Analytics / Google Ads
- Email marketing platform (ActiveCampaign, ConvertKit, etc.)
Week 2 -- High-value accounts:
- CRM and sales tools
- Project management (Asana, Notion, ClickUp)
- Cloud storage (Google Drive, Dropbox)
- Video conferencing (Zoom)
- Scheduling tools (Calendly)
Week 3 -- Remaining tools:
- Social media accounts (Instagram, LinkedIn, Twitter/X, YouTube)
- Design tools (Canva, Adobe)
- Communication tools (Slack, Loom)
- Any other SaaS subscriptions
Part 5: Migrating from Browser-Saved Passwords
If you have been saving passwords in Chrome, Safari, or Firefox, here is how to migrate them.
Exporting from Chrome
- In Chrome, go to Settings > Passwords (or chrome://password-manager/passwords)
- Click the gear icon (Settings) in the top right of the Password Manager
- Click "Export passwords"
- Enter your device password to confirm
- Save the CSV file to your desktop
Importing into 1Password
- In 1Password, go to File > Import
- Select "Chrome" from the list
- Select your exported CSV file
- Review the imported items and move them to the appropriate vault
- Delete the CSV file from your computer immediately after import (it contains your passwords in plain text)
Importing into Bitwarden
- Go to the Bitwarden web vault at vault.bitwarden.com
- Click Tools > Import Data
- Select "Chrome (csv)" from the format dropdown
- Choose your exported CSV file
- Click "Import Data"
- Delete the CSV file from your computer immediately after import
After Migrating
- In Chrome: go to chrome://password-manager/settings and turn off "Offer to save passwords" and "Sign in automatically." The password manager handles this now.
- In Safari: go to Settings > Passwords and export/clear saved passwords, then disable auto-save.
- Review all imported items and update any weak or reused passwords using the generated password process above.
Part 6: Setting Up Team Sharing
If you have a team, contractors, or a VA, here is how to share credentials securely -- without ever sending a password in plain text.
1Password Team Sharing
- Upgrade to 1Password Teams at 1password.com
- Go to My Profile > Manage Account > Invite People
- Enter your team member's email and set their role (Member vs. Manager)
- They receive an invitation email and create their own 1Password account
- Add them to the appropriate vault: go to the vault, click Manage Access, and add the team member
- They can now see and use credentials in that vault but cannot see your Personal or Business vaults
Best practice: Create one shared vault per access level. Your VA gets the "Contractor" vault. Your business partner gets the "Admin" vault. They see only what they need.
Bitwarden Organization Sharing
- In the Bitwarden web vault, click your name in the top right and select "New Organization"
- Enter the organization name and choose a plan (Teams or Enterprise for sharing)
- Click Members > Invite Member and enter your team member's email
- Assign them to the appropriate collection
- They accept the invitation, create a Bitwarden account, and gain access to the shared collection
What Team Members Can and Cannot Do
With proper vault/collection setup:
- Can do: Use shared credentials to log in to tools. View passwords (only if you allow it). Generate new items in shared vaults.
- Cannot do: Export the entire vault. Access your personal vault. See credentials they were not explicitly given access to. Know your Master Password.
Frequently Asked Questions
What if I forget my master password?
For 1Password: your Emergency Kit contains your Secret Key. If you also forget your Master Password, 1Password has an account recovery process using your Secret Key plus a recovery email. This is why the Emergency Kit must be stored securely offline.
For Bitwarden: if you forget your Master Password and have not set up an Emergency Access contact, your vault is inaccessible. Bitwarden cannot recover your password because they do not have it -- this is by design. Set up Emergency Access with a trusted contact who can approve an emergency request.
Is it safe to have all my passwords in one place?
Yes -- safer than the alternative. A properly configured password manager uses zero-knowledge encryption: the company cannot see your passwords even if they wanted to. Your data is encrypted with your Master Password before it leaves your device. The risk of "all eggs in one basket" is much lower than the risk of reused, weak passwords across dozens of sites.
Should employees have their own accounts or share a company account?
Each employee should have their own individual account (their own login, their own master passphrase). They access shared credentials through a shared vault or collection. Never create one "company account" that everyone logs into with the same credentials -- this defeats the purpose and means you cannot revoke one person's access without changing credentials for everyone.
Can I use a password manager on my phone?
Yes. Both 1Password and Bitwarden have iOS and Android apps that integrate with Face ID/Touch ID for quick unlock. Install the app, log in once, and enable biometric unlock. The app's built-in autofill feature works with mobile Safari, Chrome, and most apps.
What about two-factor authentication?
A password manager handles passwords. Two-factor authentication (2FA) is a separate layer. You should have both. See our guide on [how to enable two-factor authentication on every account](/tutorials/how-to-enable-two-factor-authentication-on-every) for the complete setup process. Both 1Password and Bitwarden can also store your 2FA codes (TOTP tokens), which is convenient but slightly reduces the security benefit of 2FA -- consider a dedicated 2FA app like Authy for your most critical accounts.
Key Takeaways
- Credential stuffing is the most common form of account takeover -- unique passwords for every account are your primary defense
- 1Password ($4/month/user) is best for teams prioritizing experience and support; Bitwarden (free) is best for cost-conscious solo operators
- Create a 16+ character passphrase using the Diceware method -- not a short password with substitutions
- Store your Emergency Kit (1Password) or write your master passphrase on paper and keep it in a physical secure location
- Organize into three vaults: Personal, Business, and Shared
- Start migrating with your most critical accounts first: email, domain, payment processor, ad accounts
- Delete the CSV export immediately after importing to your password manager
- Each team member gets their own account -- share access through vaults, not shared credentials
What to Read Next
- [How to Enable Two-Factor Authentication on Every Account](/tutorials/how-to-enable-two-factor-authentication-on-every) -- Add the second layer of security on top of your new passwords
- [The Entrepreneur Security Checklist](/tutorials/the-entrepreneur-security-checklist-password-manag) -- Complete security review covering all aspects of your business's digital safety
- [How to Conduct a Small Business Technology Audit](/guides/how-to-conduct-a-small-business-technology-audit) -- Find and secure all the tools in your stack
Disclaimer: Pricing for 1Password and Bitwarden referenced in this article is approximate as of early 2026. Verify current pricing at each vendor's website. This article is for informational purposes only and does not constitute professional security advice. Specific security requirements vary by business type, industry, and regulatory environment.
RECENT POSTS
Hi, I Am Carlos Vargas
CEO Of Bezalel Digital
Get the latest insights on digital marketing, entrepreneurship, leadership, and faith-based topics from CEO Carlos Vargas. At Best Blog Ever, you'll find the best information available to help you level up your success and grow your business. With content tailored to your individual needs, you'll be equipped to take on any challenge. Get started today and join the Best Blog Ever community!
PAGES
SOCIAL
Bezalel Digital © 2023 | All Rights Reserved | CarlosVargas.com
Terms | Income Disclaimer