
Bitwarden setup guide: from zero to secure vault in 30 minutes

A complete Bitwarden setup walkthrough for new users: account creation, browser extension, mobile app, master password, and importing existing passwords.

By PML Editorial · 8 min read

This guide walks through setting up Bitwarden from scratch. It assumes you have no existing password manager. It takes about 30 minutes.

Step 1: Create your account

Go to bitwarden.com and create a free account. Use an email you control and won’t lose access to.

Master password requirements and recommendations:

Bitwarden enforces a minimum of 8 characters. You should use at least 16, preferably 20+. Options:

Whatever you choose: do not lose it. Bitwarden cannot recover your vault if you lose your master password. There is no “forgot password” that works.

Set the KDF to Argon2id (Settings → Security → Keys → KDF Algorithm) if you’re not in an environment with memory constraints. This is more resistant to GPU-based offline attacks than the default PBKDF2.

Step 2: Install the browser extension

Install the Bitwarden extension for your browser:

After installing, pin the extension to your toolbar. Log in with your email and master password.

Step 3: Install the mobile app

Install Bitwarden from the iOS App Store or Google Play Store. Log in with the same account. Enable biometric unlock (Face ID / Touch ID / fingerprint) — this lets you open the vault without typing your master password every time.

Step 4: Import existing passwords

If you’ve been using browser-saved passwords, a previous manager, or a spreadsheet, import them now rather than entering them manually.

From Chrome/Edge/Brave saved passwords:

  1. Go to chrome://password-manager/passwords
  2. Click the settings icon → Export passwords → Download the CSV
  3. In Bitwarden’s web vault: Tools → Import data → Google Chrome (csv)
  4. Select the file and import

From 1Password, LastPass, Dashlane: Each has an export option that produces a CSV or 1PUX/JSON format. Bitwarden supports all common formats — check the Bitwarden help center for the exact steps for your source manager.

After importing: delete the exported file from your Downloads folder. Do not leave plaintext password exports sitting on your disk.
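Before the export is deleted, it can also tell you which sites share a password, which is the list to work through in Step 6. The script below is an added example, not part of Bitwarden or of the original guide; it assumes the CSV has a header row with name, url and password columns, and the sample data and function names are made up for illustration.

```python
import csv
import os
import tempfile
from collections import defaultdict

# Constructed sample in the assumed column layout of a browser export
# (name,url,username,password,note); every value here is made up.
SAMPLE_EXPORT = """name,url,username,password,note
example.com,https://example.com/login,alice@example.com,Summer2019!,
shop.example,https://shop.example/account,alice@example.com,Summer2019!,
forum.example,https://forum.example/,alice,Summer2019!,
bank.example,https://bank.example/,alice,kV9#tq2LmZ0xRw4uYp7c,
"""

def find_reused(csv_file):
    """Return groups of site names that share a password, largest first.

    Passwords are used only as in-memory grouping keys and never
    appear in the returned report.
    """
    by_password = defaultdict(set)
    for row in csv.DictReader(csv_file):
        password = row.get("password") or ""
        if password:
            site = row.get("name") or row.get("url") or "(unnamed)"
            by_password[password].add(site)
    groups = [sorted(s) for s in by_password.values() if len(s) > 1]
    return sorted(groups, key=lambda g: (-len(g), g))

def audit_and_delete(path):
    """Report password reuse in the export at `path`, then remove the file."""
    # utf-8-sig tolerates a byte-order mark at the start of the file.
    with open(path, newline="", encoding="utf-8-sig") as fh:
        reused = find_reused(fh)
    os.remove(path)  # plain unlink; it does not scrub the disk blocks
    return reused

if __name__ == "__main__":
    # Demo on a temporary copy of the constructed sample.
    fd, demo_path = tempfile.mkstemp(suffix=".csv")
    with os.fdopen(fd, "w", encoding="utf-8", newline="") as fh:
        fh.write(SAMPLE_EXPORT)
    for sites in audit_and_delete(demo_path):
        print(f"{len(sites)} sites share one password: {', '.join(sites)}")
    print("export still on disk:", os.path.exists(demo_path))
```

Point audit_and_delete at the real export only after the Bitwarden import has succeeded, since it removes the file.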

Step 5: Set up 2FA on Bitwarden itself

Protect your vault with a second factor. Without 2FA, anyone who obtains your master password (keylogger, shoulder surf, data broker leak) can access your vault from any device.

  1. In the web vault: Account Settings → Security → Two-step login
  2. Choose your method:
    • Authenticator app (TOTP): scan the QR code with Google Authenticator, Aegis (Android), or the Bitwarden Authenticator app
    • YubiKey or hardware key: available on the free tier — plug in, touch to register
  3. Save your recovery code somewhere safe (not in Bitwarden itself — a physical note is fine)

Step 6: Start using it

From here: let Bitwarden save new passwords as you log in to sites normally. When prompted to save a login in your browser, click “Save” in the Bitwarden notification.

For any site where you want to upgrade to a unique strong password:

  1. Log in to the site
  2. Go to Change Password
  3. In the new password field: click the Bitwarden extension → Generate password
  4. Use a 20-character random password
  5. Save it to Bitwarden, then change the password on the site

Over the next few weeks, you’ll have replaced your reused passwords with unique ones as you encounter sites naturally.

Common questions

What if I lose my master password? If you have no recovery codes, you lose your vault. Bitwarden cannot recover it. Write it down.

Is the browser extension safe? Yes, but: only install from the official stores. The extension does not have access to your master password — it decrypts the vault locally and fills credentials. Bitwarden’s extension has passed public code audits.

Can I use Bitwarden offline? The vault syncs to Bitwarden’s servers (encrypted). Once synced, the mobile and desktop apps can access your vault without internet. The browser extension requires a recent sync.

Should I use the Bitwarden mobile app or rely on iOS Passwords/iCloud Keychain? Use Bitwarden. iCloud Keychain is Apple-only and doesn’t sync to non-Apple devices. If you have any Android devices, Windows machines, or non-Safari browsers, you need a cross-platform solution.
