This is a great article that applies to any password manager (PM):
If you've implemented a password manager for you or your org, there is more to do! Here are some additional suggestions that build on the article:
- Treat as a crown jewel the email account that owns your PM account and all your other cloud accounts. If baddies can take over that account, they can take over almost all your accounts by doing password resets.
- You have to properly use a PM to get the value: it's not enough to just have a PM account and store your logins in it. For starters, for your important accounts, change their passwords to long random strings, and use the PM to autofill your credentials into web login pages; that will make you very resistant to phishing.
- Two-factor authentication (2FA) is critical for your important accounts, including your PM and email accounts. Authy is an excellent 2FA authenticator app/service.
- Backing up your vault is a great idea, but be aware that if you're on a Windows PC, your main drive is not encrypted unless you have enabled BitLocker (or the Device Encryption found on Microsoft Surface-type devices); so you'll need to store your PM vault export somewhere else.
If you or your org haven't yet implemented a PM, it's usually the very first thing to do (along with 2FA) to improve your cybersecurity. Three excellent PM to consider are BitWarden, 1Password, and LastPass. Check out their business tiers if your org is multi-person.