I have finally decided to move to a proper password manager. But it’s kinda scary, you know, to export all your passwords in one place, and if you mess up a bit you might lose all of your passwords, especially when they say that once I lose my master password there is no way to recover it.
So, what are some precautions I should take before moving to Bitwarden? Did you ever lose your account? Share your experiences.
Tip for passwords in general:
Create a password, but don’t actually use it yet.
Like… make an empty account for Bitwarden (or if you use Keepass, make an empty database) with that password, then keep logging in every 5 minutes or so… for like 3 times… then log in like every hour or so for like 3 hours… then every 6 hours…
etc…
make sure you spend like 1 or 2 days doing this routine… of logging in every X time to get it committed to memory…
THEN after you know it’s memorized, start using the Bitwarden account (or Keepass database).
Also if you are using Bitwarden, pay like one time for the premium (it’s yearly but you can cancel the renewal).
Set up emergency access to another Bitwarden account with a secondary email.
Then add that secondary Bitwarden account as your Primary’s Emergency Access contact.
Then write the SECONDARY account’s Email address, Email Password, and Bitwarden Password, on a piece of paper.
Set it for like X time, then check your email for your primary account every X/2 days (if you set it as 14 days for recovery, check it at least once every 7 days) to make sure nobody got your piece of paper and is trying to steal your passwords.
You can store it in a bank safe… or just in a drawer somewhere at home is fine too. Even if a roommate/family member gets it, you get a notification if they try to do emergency access…
This protects you from randomly getting retrograde amnesia…
And this is better than actually writing your PRIMARY account’s login details down, because it gives you a 14-day buffer (or whatever days you set it to) before someone can actually make use of those credentials…
And afaik, you only need premium to add an emergency contact; you don’t need premium for future years to keep it working.
Use 2FA. Keep any recovery codes safe (preferably in a safe with your important paperwork).
I don’t think it’s been mentioned here yet, but having a YubiKey configured for your Bitwarden account can be really handy.
Make backups and store in a secure location
Make multiple backups and store multiple places.
I don’t think there are many mistakes to be made.
Just:
- don’t use a weak master password
- don’t forget it
- don’t share it
- don’t reuse it
- make sure to use it only on verified bitwarden apps
Password managers are actually easier to use than not using them
Write it down on paper and keep it safe. You don’t have to label it with what it is.
Just don’t save it electronically.
I don’t usually write stuff on paper and feel I might never remember that I’ve written my password somewhere on a paper. But yeah, ig it’s better to write it down and have it somewhere than not write it at all.
There are things you should keep safe: birth certificate, marriage license, car titles, etc.
Buy some sort of paper storage thing and keep everything safe there.
Ideally, it should be something that you can grab and bring with you in an emergency, but not something easy for someone to steal. Something like a fire safe that has a cable that can wrap around something secure, but relatively easy to unlock in case of disaster.
You can tell me what it is and I’ll remember it for you /s
h*****2
Do you have a family member or a close friend who is tech savvy and is also using BW? If yes - you could set up an emergency access, so that they can initiate an account takeover should you somehow entirely lose access to everything and need it recovered. The original intent is to take control of an account of a deceased person.
If that’s not an option, just save your master PW somewhere offline. Another person suggested paper, but honestly evaluate your own threat levels and consider having an offline backup of it on a device that never connects to the internet (e.g. a flash drive that you only connect with the internet turned off). You can also make an offline export of your vault onto that USB in case you get locked out and need at least your data recovered. Generally don’t overthink your master PW: a 10-word passphrase with a number is good enough; if it’s not a grammatical sentence, even better; it can even be not in English. There are also ways you can “salt” your PW in addition. Say your PW is hello-friend-joke-inventing5; you can save it as housing2-hello-friend-joke-inventing500 and just remember to remove the extras. If you are not specifically targeted and don’t click on phishing links, then honestly even if you save your master PW in your own BW vault nothing will happen, even less so if it’s salted.
The only way to truly mess up your vault is to change keys without logging out your devices, but BW explicitly warns you at each step of that process, so it’s up to you not to ignore the warnings.
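To put a number on the “10-word passphrase with a number” advice above, here is an added example (not code from the thread or from Bitwarden) that generates such a passphrase with a CSPRNG and computes how many bits of entropy it carries, assuming the attacker knows the word list and the scheme. The word list embedded here is a constructed 16-word sample for demonstration; a real passphrase should come from a published list of thousands of words, and the entropy helper takes the list size as a parameter (7776, the size of a standard diceware list, is used in the usage section) so the figure can be computed for a list of any size.

```python
import math
import secrets

# Constructed sample word list, for this example only. A real passphrase
# should be drawn from a large published list (thousands of words) so that
# each word contributes enough entropy; see passphrase_entropy_bits().
SAMPLE_WORDS = [
    "hello", "friend", "joke", "inventing", "housing", "lantern", "orbit",
    "quartz", "meadow", "ripple", "saddle", "tundra", "velvet", "walnut",
    "yonder", "zephyr",
]


def passphrase_entropy_bits(n_words: int, list_size: int, extra_digits: int = 0) -> float:
    """Entropy of n_words drawn uniformly at random from a list of list_size
    words, plus extra_digits random decimal digits.  Only the random choices
    count: the attacker is assumed to know the list and the layout."""
    if n_words < 1 or list_size < 2:
        raise ValueError("need at least one word from a list of at least two")
    return n_words * math.log2(list_size) + extra_digits * math.log2(10)


def generate_passphrase(wordlist, n_words: int = 10, separator: str = "-",
                        add_digit: bool = True) -> str:
    """Draw n_words with the `secrets` CSPRNG (never the `random` module)
    and join them with separator.  With add_digit, one random digit is
    appended to the last word, matching the shape 'hello-friend-joke-inventing5'
    used in the thread."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("word list has duplicates; the entropy estimate would be wrong")
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    phrase = separator.join(words)
    if add_digit:
        phrase += str(secrets.randbelow(10))
    return phrase


def estimate_phrase_bits(phrase: str, list_size: int, separator: str = "-") -> float:
    """Entropy of an existing passphrase in the word-word-...-wordD layout,
    given the size of the list its words came from.  Trailing digits on the
    last token are counted as random digits, not as part of a word."""
    parts = phrase.split(separator)
    last = parts[-1]
    n_digits = len(last) - len(last.rstrip("0123456789"))
    n_words = len(parts)
    if n_digits == len(last):          # last token was digits only, not a word
        n_words -= 1
    return passphrase_entropy_bits(n_words, list_size, n_digits)


if __name__ == "__main__":
    DICEWARE_SIZE = 7776  # size of a standard 5-dice word list (assumed, not in the thread)
    print("10 words + 1 digit from a 7776-word list:",
          round(passphrase_entropy_bits(10, DICEWARE_SIZE, 1), 1), "bits")
    print("thread's 4-word example from such a list:",
          round(estimate_phrase_bits("hello-friend-joke-inventing5", DICEWARE_SIZE), 1), "bits")
    print("sample passphrase (small demo list):", generate_passphrase(SAMPLE_WORDS, 6))
```

The point the numbers make is the one the commenter makes: ten random words from a large list is far past what any online or offline guessing attack can reach, so length and randomness matter much more than clever substitutions. Note that “salting” the stored copy with extra words and digits as described above does not change the entropy of the real passphrase; it only makes the written-down copy less directly usable.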
I’ve used a password manager for many years (1password then bitwarden) and have never had an “oh shit” moment. I use a master password that I’ll never forget, have never needed a hint and have never lost or corrupted a password. I feel that as long as you treat your password manager as something that’s important and deserves your careful management, you’ll be a-ok. I have never once had an issue that was created by the manager itself.
only keep unimportant passwords in an online manager. important ones keep in an offline manager.
One follow-up question: can the Master Password hint be extremely obvious, or should I make it a bit trickier to enhance the security?
Making the MP hint obvious makes it pointless, in regards to the security to every password you have stored.
It’s kinda the only source to my MP, and not making it kinda obvious might lock me out, is my thinking.
I understand your point but if it’s obvious, it’s likely easily-guessable and although you are thinking in terms of regaining access to your account, it’s just as important to keep other people from being able to gain access to your account by either guessing it or using social engineering to retrieve the answer.