skip to content
 

We recommend using a password manager to store all your passwords. These store all your usernames and passwords in one secure place, so you don't have to worry about writing them down or remembering them. Some password managers automatically enter your login credentials on login screens, though some require you to copy and paste your password. This makes it far more secure than writing down passwords, and means you can use unique passwords for every login instead of using the same or similar passwords. The Government's National Cyber Security Centre (NCSC) has a webpage here detailing why you should use password managers.

 

Summary (see 'What password manager should I use?' below for further details)

Personal use (free):

  • Apple's iCloud KeyChain if you primarily use Apple devices.
  • Browsers' built-in managers if you use the same browser (and browser account) across your devices, e.g. Chrome, Firefox.
  • BitWarden if you use multiple devices or multiple browsers.

Business use (paid)

 

Features to look for in a good password manager

Not all password managers offer the same services and features, so it's worth looking for these features in a password manager before using it.

  • Synchronisation - If your passwords were saved locally on one device, they wouldn't be accessible if that device was lost or stolen. Therefore, look for a password manager that supports online synchronisation across all devices. This will be tied to your account, so you can access your passwords wherever the password manager is available.
  • End-to-end encryption and encrypted stored passwords - End-to-end encryption means that only you can access your passwords; the company providing the password manager won't be able to see your passwords, so they'll be much safer. Encrypted stored passwords means that your passwords are scrambled so they're no longer recognisable (e.g. the password 'lemontreefrog' might look like 'J5g#%^WhBL#Y'. Note: don't use 'lemontreefrog' as your password!) If your passwords were involved in a data breach, they would not be recognisable and would be better protected than passwords that were not encrypted.
  • Password generator - This creates a strong password using random numbers, letters (capital and lowercase) and symbols, with some allowing you to change the password's length. A good, secure password should have a mixture of random characters, and should be at least 10 or 11 characters in length.
  • Auto-filling - Good password managers will automatically enter your stored login credentials, meaning you don't have to remember passwords or copy and paste them. Some devices and operating systems provide better integration for auto-filling, so some settings in the password manager or device's operating system may need adjusting to support this.

 

What password manager should I use?

There are many free and paid-for password managers that suit a variety of needs, with some offering additional services and features over others. There isn't one password manager that works for everyone, so below is a list of reputable password managers that we recommend, based on one's requirements and circumstances.

 

Free password managers for personal use

Apple's iCloud Keychain - Apple offer a free password manager built into their devices, so you can generate secure passwords, store login credentials and automatically fill your credentials on login screens. If you primarily use Apple devices like iPhone, Mac and iPad, Apple's iCloud Keychain is a good option. This automatically synchronises with your Apple iCloud account, so you can access your passwords across any Apple device you own. It also supports multi-factor authentication, so you can generate security codes to further improve your account security. Please note: iCloud Keychain is only available on devices running iOS or iPadOS 15 or higher, and Macs running macOS Monterey 12 or higher. To import your iCloud Keychain passwords to a Windows computer, you must use the iCloud for Windows program.

BitWarden - This is one of the most flexible free password managers available. With apps available for all major operating systems and browser extensions for most major browsers, BitWarden automatically synchronises your credentials across all devices, so you can store and access your passwords on any device where BitWarden is installed. If you use devices with different operating systems or different browsers, BitWarden is a good option. You can generate secure passwords, store login credentials and automatically fill your credentials on login screens. However, you must pay for a Premium subscription for BitWarden to generate multi-factor authentication security codes, so if you want the free version we'd recommend using an authenticator app like Microsoft Authenticator alongside BitWarden.

Browsers' built-in password managers - Most internet browsers have built-in password managers that store your login credentials. If you use the same internet browser across multiple devices, such as Chrome or Firefox, the built-in password manager may be a good option. When you login to a page, a pop-up may appear asking if you'd like to save your password; this will then fill in your login credentials the next time you visit that page. Chrome's password manager is linked to your Google account, so this can be synchronised across any device where Google Chrome is installed. Similarly, Firefox's password manager synchronises your passwords with your Firefox account, so you can access them from any device where Firefox is installed. Almost all modern internet browsers have a password manager, some with more features than others, so it may be worth researching these browsers' features to see if they meet your requirements.

 

Password managers for shared use

Some password managers support shared access, where multiple members of a team can access, add or remove login credentials. If you have shared services with one set of login credentials for your team, e.g. a shared mailbox or online platform, then a password manager with shared access would be a good idea.

1Password - This is a good password manager for both personal and shared use. With customisable access to passwords and support for all major operating systems, 1Password can be customised as much as needed. This is used within the University and can be purchased for use within the Department; please contact the Computing Officers for more information.

LastPass - This is another good password manager that supports shared access. Like 1Password, access can be customised per person and there are many features that can be customised. However, its free version for personal use has some limitations, so we'd recommend using any of the free password managers for personal use, listed above.

 

Importing passwords from browsers to password managers

If you currently save your passwords within your browser and want to transfer them over to a secure password manager, you can export them to a file. This file can then be imported to your password manager, which will transfer all usernames, passwords and URLs to those websites into the password manager. Please note: if your browser supports notes for your passwords, these may not transfer over.

The following sections provide links to guides on exporting passwords from these popular browsers: Google Chrome, Safari, Firefox and Microsoft Edge. If the instructions/layouts change for these browsers, the official guides should be updated automatically; unofficial guides like the Microsoft Edge guide may be outdated. If you find these are outdated and we haven't updated them, please notify us at support@ch.cam.ac.ukDo not save this password file to a shared location, such as a fileserver.

If you are using another browser not mentioned below, search online for, "How to export passwords from [browser name]" and look for an official guide from the company providing the browser, or a guide from a reputable company. If you find any sites asking you to upload this password file, do not do this; this is a scam.

 

Exporting passwords from Google Chrome

This guide from Google shows how to export passwords from Google Chrome.

Exporting passwords from Safari

This guide from Apple shows how to export passwords from Safari.

Exporting passwords from Firefox

This guide from Mozilla shows how to export passwords from Firefox.

Exporting passwords from Microsoft Edge

This unofficial guide from NordPass shows how to export passwords from Microsoft Edge. Please note: this is for the 'Chromium' version of Edge, which has a blue/green swirling icon; this is not supported by the old version of edge, which has a blue 'e' icon; you will need to install Windows updates to get the new version of Edge.

 

Importing passwords to password manager

Once you've exported your passwords to a file, you can import them to most password managers. Search online for, "How to import passwords to [password manager name]" and look for an official guide from the company providing the password manager, or a guide from a reputable company. If you find any sites asking you to upload this file, do not do this; this is a scam.

For example, this guide from BitWarden, one of our recommended password managers, shows how to import passwords and even how to export passwords from popular browsers and password managers.

System status 

System monitoring page

Can't find what you're looking for?

Then you might find our A-Z site index useful. Or, you can search the site using the box at the top of the page, or by clicking here.