wavePod

Get Wave AI

Hands-On Windows 177: Password Managers and Windows 11 - All TWiT.tv Shows (Audio) | Wave AI Podcast Notes

Back to All TWiT.tv Shows (Audio)

Hands-On Windows 177: Password Managers and Windows 11

All TWiT.tv Shows (Audio)

Thu Feb 19 2026

The Key to Your Online Security

Summary

Hands-On Windows 177: Password Managers and Windows 11
Host: Paul Thurrott
Release Date: February 19, 2026

Episode Overview

In this episode of Hands-On Windows, Paul Thurrott kicks off a two-part series focused on password managers, emphasizing their essential role in personal security on Windows 11. This episode explores how password managers work, what features matter most, how to choose one, and a practical overview using Proton Pass within Windows, particularly the browser environment.

Key Discussion Points & Insights

The Evolution and Role of Password Managers

Password managers are central to online security:
- Once simply for passwords; now they're digital vaults for logins, payment methods, documents, personal data, and more.
- “It's not a password manager … these days, it's really an identity manager.” (Paul, 01:24)
Essential features of modern password managers:
- Autofill for logins & personal info across devices.
- Generation of strong, unique passwords.
- Detection of reused, weak, or compromised passwords.
- Recommendations for adding stronger authentication (like 2FA or passkeys).
- Emergency access and email alias generation in some apps.
Security layers:
- Protected by device biometrics (FaceID, Windows Hello, etc.).
- Synchronization across cloud-connected devices ensures access everywhere.

Choosing a Password Manager for Windows

Universal, cross-device support is critical.
- “When it comes to choosing a password manager, I think the most important thing … it needs to be everywhere, right? On all your devices.” (Paul, 03:48)
Recommended Free and Paid Options:
- Free: Bitwarden and Proton Pass (Paul demonstrates Proton Pass in the episode).
- Paid: 1Password and Dashlane (“not super expensive… roughly $30 a year or even less”).
- Ecosystem-native options:
  - Google Password Manager (built into Chrome).
  - Microsoft Password Manager (built into Edge; covered in the next episode).

Practical Demo: Setting Up and Using Proton Pass

Account Creation and Vault Basics (09:28):
- Demonstrated a new account creation with Proton Pass.
- Options include: “Hide my email” aliases, credit cards, notes, custom item support (e.g., passport images).
- “Most people are going to ... import passwords, because we all have passwords in various password managers and browsers.” (Paul, 10:16)
Importing Passwords:
- Export passwords from Chrome as CSV and import into Proton Pass.
- Highlights the privacy challenge: “It would be kind of a privacy nightmare to show you all that … so I just show you what it looked like.” (Paul, 09:36)
Security Audits Inside the Manager:
- Proton Pass flags weak and reused passwords, provides dark web monitoring, and suggests enabling 2FA on accounts that allow it.
- “Correcting each of these little issues does take time, but 100% worth it.” (Paul, 12:51)
Creating and Saving a Strong Password for a New Account:
- Example: Setting up a Spotify account, accepting a suggested strong password, and saving it directly into the vault.
Dealing With Browser Autofill Conflicts (15:04):
- If you adopt a third-party manager, turn off the built-in browser manager to avoid conflicts.
- “You have to actually turn off the old password manager ... in Settings … but Google Password Manager is turned off, so that shouldn’t have come up.” (Paul, 15:21)
- On mobile, ensure only one autofill provider is set.
Final Steps for Full Security:
- Once migrated, delete old passwords from browsers and other locations to reduce breach risk.
- “It’s super important … to not have multiple copies of all your passwords out in the world.” (Paul, 17:56)

Password Management and Windows 11

Password management happens in the browser environment, not natively within Windows 11 (passwords managed in Edge ecosystem).
Passkey (passwordless authentication) support is built into Windows 11.
Next episode will focus on Microsoft Password Manager inside Edge.

Notable Quotes & Memorable Moments

On what a password manager really is:
- “Even in the old days when all it did was manage passwords, it was really managing logins… Now, it really is an identity manager.” (Paul, 01:33)
On feature priorities:
- “It needs to be everywhere, right? On all your devices. That’s big.” (Paul, 03:48)
On the move from browser-based managers:
- “If you’re still using your browser’s password manager, Bitwarden makes it very easy to move over…” (Leo Laporte, sponsor segment, 07:23)
Practical user advice:
- “Once you’ve done all this … there’s one more step, and it’s important … delete these things [old passwords] … it’s super important to get that done.” (Paul, 17:40)

Timestamps for Key Segments

00:18–04:55 | What is a password/identity manager, what features to expect
04:56–09:28 | Sponsor segment (Bitwarden, skip)
09:28–13:44 | Setting up a password manager, importing accounts, using Proton Pass
13:45–16:00 | Creating a new account with autofilled passwords, dealing with autofill conflicts
16:00–18:45 | Managing browser autofill settings, deleting old passwords, securing accounts
18:46–19:45 | Closing remarks

Practical Takeaways

Password managers go far beyond just passwords now; they’re foundational for your digital identity, especially with new features like passkeys and cross-device sync.
Choosing one comes down to platform support, feature set, and, if you prefer, open-source credentials (Bitwarden and Proton Pass get repeated praise).
Set up your password manager everywhere you use passwords, clean up your old password stores, enable 2FA, and consider dark web monitoring.
Windows 11 does not have a native standalone password manager; Edge houses Microsoft’s solution (future episode).

For listeners seeking a clear, step-by-step guide to migrating to a modern password manager in Windows (especially with free and open-source options), this episode provides straightforward, practical advice — with a focus on why it matters for your security in 2026.

Loading summary...

Transcript

A (0:00)

Coming up next on Hands on Windows, we're going to take a look at password managers and how they work in Windows 11.

B (0:08)

Podcasts you love from people you trust. This is twit.

A (0:18)

Hello, everybody. Welcome back to Hands on Windows. I'm Paul Thurat and this is going to be the first of two episodes that I do about password managers. This is kind of in keeping with Our beginning of 2026 Resolution Security Focus kickoff kind of thing. We just did a few episodes on securing online accounts, Microsoft accounts, specifically Windows 11, of course, and I did a two parter on passkeys because passkeys are super important. But the core of our kind of security toolkit as individuals when it comes to protecting our online accounts and really our online identities are password managers. There's a lot of information here, so I had to make a couple of slides. I apologize in advance. I wasn't super excited about it either, but I think it's important just to be able to get through this stuff in a way that makes sense. So let's do that. So just what is a password manager? I think the big thing here is that this is a common thing. We've all heard of this. We all have actually used several of them. Probably. The name is terrible. It's not a password manager. Even in the old days when all it did was manage passwords, it was really managing logins, right? Which is a combination of user accounts or usernames, I guess, and passwords. These days, it's really an identity manager. It manages all your logins, which is that username, password combo, your payment methods, your identification documents, all kinds of personal information, you know, name, address, phone number, that kind of stuff. But they do a lot more too, right? The good ones will generate strong passwords for you. So when you create a new account, it will create this long, complex password. All of them will autofill logins everywhere, mobile and desktop, right? Also auto fill things like payment information, other personal information as needed, as on the web. It will scan your library of logins and look for passwords that are reused that are weak, vulnerable and compromised accounts. And the really good ones will point out the accounts that actually have different two FA methods like authenticator, app support, or passkeys that you're not configured with yet. And then you can go add that to those accounts, right? To make sure that all of your accounts are as secure as possible. This thing will sync to the cloud so you can use it everywhere. And that's a big part of it. You want to be able to use this Everywhere you are. And that means your phone and your PC, but whatever other devices you might have as well, including tablets for example, or if you have multiple devices. Right, multiple PCs or whatever. And these things are protected by the biometric security methods available on your device. So on your phone you'll have something like Face ID or the Android equivalent. On Windows we have Windows hello, of course, with facial and fingerprint recognition. And this is just another layer of security on top of the other layers of security that exists to protect the password manager itself or whatever accounts that you have. And then beyond that, there's actually a lot more. And it depends on which password manager you go with. But you'll see things like emergency and continuity services. So if you pass away or incapacitated, a loved one can access your password manager vault and get into your crucial information when it's most needed. Email, alias generation for newsletters is available on some of them. It depends. And many more. But we're going to stick mostly to the basics here. When it comes to choosing a password manager, I think the most important thing to remember is that I said this earlier. It needs to be everywhere, right? On all your devices. That's, it's big. And then for actual solutions, you know, in the Windows space, I'm going to, I'm going to not focus too, too much on Apple because they have their own thing going on. But I would say there are two main choices that are free and third party and excellent. And those are Bit Warden and Proton Pass. I actually use Proton Pass and I will be using that for whatever examples we have. But one password is very popular. Dashlane is very popular though those are not free, but they're not super expensive for an individual. I think you're looking at roughly $30 a year or even less depending on which one you ch. But like I said, Bit Warden and Proton Pass are free and pretty full featured versions. If you are in the Google and or Microsoft ecosystems, and we are, you might want to use one of those password managers as well. Google has the Google Password Manager built into Chrome. That's something I will look at today, I believe. And the Microsoft Password Manager is built into Edge. And I'll look at that in the next episode. And it's time for a quick break. We'll be right back.

B (5:02)

Hey Paul, if you don't mind, I'd just like to interrupt for a moment. Hope you're enjoying Hands on Windows. Our show this day is brought to you by bitwarden. You know, we've talked about bitlorden, an awful lot. You know it's the password manager I use. Steve Gibson uses it too. It is Bitwarden, the trusted leader in password, passkey and secrets management. Bit Warden's consistently ranked number one in user satisfaction by G2 and software reviews over 10 million users now. I'm really happy to hear that over 180 different countries and more than 50,000 businesses. You know businesses. This is really important for you. Whether you're protecting one account for yourself or thousands for your company. Bit Warden keeps you secure all year long and consistent regular updates for instance with the new Bit Warden access intelligence, this is great for your enterprise. Organizations can detect weak, reused or exposed credentials and immediately guide remediation. Your employees will actually be walked through the step by step to fix it. Replacing risky passwords with strong unique ones. And I tell you for a business this closes if not the number one, at least one of the most significant security gaps. I think it's number one. Credentials may remain the top cause of breaches with credential stuffing. You know if your employee is reusing passwords, and they probably are, or using weak passwords and they probably are, you need this Access intelligence will let you know and let them know those bad passers will become visible, prioritized and corrected before exploitation can occur. Bitwarden's also introduced something that individuals self hosters will love. This is Bit Warden Lite. Brand new Bitwarden Lite delivers a lightweight self hosted password manager. So this is great for your home lab, for your personal projects. Any environment where you want. Quick setup, minimal overhead and trust no one, right? I know this is something a lot of you want. Bitwarden is so great. You get to choose how you want to use it. That's the beauty of it. Because it's open source, Bitwarden is now enhanced with real time vault health alerts and password coaching features that help users identify weak, reused or exposed credentials and take immediate action to strengthen their security. You'll get direct if you're still using your browser's password manager. Bitmorn makes it very easy to to move over to Bitwarden from your browser. Much more convenient. It's not just in your browser. Bitwarden's everywhere, on every device. Bit Warden now supports direct import from Chrome, Edge, Brave, Opera and Vivaldi browsers. So you've always been able to export and import. That's what Steve and I did when we moved to the other guy's password manager and we moved over to Bitwarden a few years ago. We exported it and imported it into Bitwarden. Pretty simple, straightforward, did a beautiful job. But there's always that risk because that there's a period of time where you have a unencrypted version of your vault in your download folder. Direct import eliminates that. It imports credentials right from the browser into the encrypted vault without requiring a separate plain text export. So that makes migration easier. It helps reduce exposure associated with manual export and deletion steps. Bit Warden just gets better all the time. It's one of the reasons I love being a bit warden customer. G2 Winter 2025 reports Bitwarden continues to hold strong as number one. Number one in every enterprise category for six straight quarters. Bitwarden setup is easy. It supports importing for most password management solutions. It's a very straightforward process and once you're done, you're done, man. You're using the best password manager out there. Bitwarden is open source. That means it's GPL, it's on the GitHub, it's regularly audited by third party experts. You can look at it. Bitwarden meets every security standard. SoC2 type 2, GDPR, HIPAA, CCPA, ISO 27001 2002. It's secure, it's robust, and you can get started today with Bitwarden's free trial of a teams or enterprise plan. And as an individual, free across all devices, as an individual user free forever. Bitwarden.com TWIT that's bitwarden.com TWIT we love them. You will love them, your company will love them and they'll be very glad that they've switched. All right, now back to hands on Windows.

A (9:28)

Paul. So I went through a process where I had created a new account in a password manager just so you could see what that looks like. Right. Obviously I have all my accounts and my password manager. It would be kind of a privacy nightmare to, you know, kind of show you all that. So instead of doing that, I'll just show you what that looked like. So I used Proton Pass for this, signed in for a free account on the web, which is what you're seeing here. And when you get into this account the first time you have these choices. And this is actually kind of a nice screen because it shows you a lot of the things you can do with this. This is the hide my email alias I was talking about earlier. Credit cards and other payment informations information, sorry, notes. You can have an identity. And this is. I called, I created one called me. I think we'll see that in a moment. But basically, this is the phone number, address, other information related to you, etc. This particular solution supports custom items. You could, you know, upload pictures of your passport, your driver's license, et cetera, whatever you want. And then you can import passwords, which is probably something most people are going to do because we all have passwords in various password managers and all the browsers we've ever used, perhaps ON Android or iOS or iPad or on the Mac or wherever. And so if you're moving from, say, Chrome to, in this case, Proton Pass, you can export from that browser and then you can import into this new password manager. Okay, and this is what I'm doing here. So I created this account here. This is just a throwaway account I use for the book. There's nothing important associated with it. You're. I was going to say you're welcome to hack it. I mean, please don't hack it. But there's nothing there. It's nothing important. And so I had exported my password collection from Chrome. I actually trimmed it down because, you know, I don't need the whole thing in there. And plus most of it's terrible. And I imported this sort of subset of it, if you will, as a CSV. And then I just kind of hid the account names here because whatever. But. So this is just a shot of what it looks like after I had added those four accounts which were in the previous password manager. Okay. And let me just go into the main interface, though, so you can actually just see that live. If I could just find it. I have 200 windows open here with my literal. My real password manager. I have configured this so that it is protected with two fa. There's a passkey. I haven't done that yet and most likely will not. So I just have a password on this particular one, but it is prompting me to sign in. Now, what I've done here is I just changed all the account names so you can't see the actual email addresses. So there's nothing wrong here. There's nothing to worry about. But as you click through each one of these, you can see that that's a weak password. That's a weak password. That's a strong password. And this is an account I actually just created pretty recently. And the other thing worth looking at here is what the various options are. And these are going to be fairly consistent between password managers. But in this case, you can turn on things like Dark Web monitoring, so you can see if any of your email or other personal information has leaked onto the dark web or has been exposed as part of a giant, you know, security vulnerability or whatever. It will list the passwords that you have that are weaker, reuse, like I said, and then you can go through those and, you know, configure those with better passwords, which this solution will provide for you. And it tells me that I have two accounts that could be set up with two FA two factor authentication, which is really nice. So there's a lot of good stuff going on here and that's kind of beyond the basics, but it's worth going through all of this stuff. It takes time, it is fair to say, as you're going to have a lot more accounts than I have in here. So correcting each of these little issues does take time, but 100% worth it, of course. So I did create that account. Let me show you what that looks like here. So I went to Spotify, I just said, here's my email address. So I use this email address here, the win 1125 H2 book account. And I just created a new account. And there's a couple of steps you have to go through. I mean, obviously every online service has different interfaces for this, but when I got to this screen here, my password manager, Proton Pass suggested a password, which I accepted. And then it asked to save it into its vault, which it did. And so I've actually erased the password here, but it is auto filled that and, and I got in. And so rather than just talk about that, let's see what that looks like to sign in. So I created that account already. So here's Spotify and when I go to log in, you'll see when I click on this, two things happen, right? And so what's happening here so that you can see two overlapping attempts at filling in this password. And that's because I didn't do one of the things you're supposed to do. I did that on purpose. By the way, when you replace the built in password manager with a third party password manager, which in this case is an extension, you have to actually turn off the old password manager, right? And so you do that in Settings and this is in a slightly different position or place in each browser, but it's pretty consistent. So autofill and passwords, I think in Microsoft Edge it's actually passwords in autofill, whatever, but Google Password Manager and Settings, sorry. And actually it is turned off, so that shouldn't have come up. So I guess I did do it correctly. That's kind of interesting. So any password Manager built into our browser is going to have this interface for signing in. In this case, Chrome uses Windows hello, which is actually pretty nice if you want to use that password manager, import expert passwords, et cetera. So I did. So actually I'm not sure why that showed up, but it shouldn't. But I will do this again. And the thing you can't see, it's kind of confusing why that's there, but is the dropdown for Proton. Right. And so if I continue here, it's going to, in this case it's sending me the email, so it's not going to ask me for the password. So I could sign into this using the code that they will provide me with an email. So I guess I'll take two seconds to do that. But depending on the service and how they do security, they might just have you type in your password, in which case obviously this thing would do that for you. So I'm not going to actually go through it. It doesn't really matter. So this is the more typical experience that I think most people are going to do. I'm not really covering mobile too much here because it's just too difficult to show that screen, but in the sense that it should be available everywhere in Windows, you're going to install that extension in your web browser and if you have multiple browsers in all of your browsers, you know, sign into it, that will make it available here for all your sign ins. Right. So that's great. But you're also going to install the app on your phone or your tablet or whatever you have. And then you go into the settings interface on those devices and turn off all of the other autofill providers. And that's the way to get to it is open the settings app on your phone or your tablet or whatever you're using and search for autofill and then you'll see the password entry and just make sure that whatever password manager you've chosen is the one that you're using for autofill. And the other ones are turned off. Right. I think I mentioned this in a previous episode, but once you've done all this and you know you've imported your passwords, you've, you've gone through the process of get eliminating weak and reused passwords, you've set up two FA everywhere, you've got everything exactly where you want it, there's one more step, and it's important, and that is to go into the interface for your password managers and your browsers in your mobile systems. Wherever this wherever these things might be. And so here. So I have this giant list of passwords that's still in Google and what I should be doing is deleting these things and depending on that solution, this could be a tedious one by one type of thing. But just like properly securing all those online accounts, it's super important to get that done and to not have multiple copies of all your passwords out in the world. That's part of the way that you may see yourself showing up on the dark web if you were to enable this feature, which I have on my real account. Okay, so that's the basics of Pass Word management in Windows, right? You'll notice that nothing here is in Windows. Everything I did was in a browser. I happen to use Chrome here. But this could be Edge. It could be any browser. It does not matter. Windows 11 has built in support for managing passkeys, but it does not have built in support for managing passwords. That's built into Edge. And so in the next episode we're going to take a look at that. What does it look like to manage passwords inside the Microsoft ecosystem specifically. So we'll do that soon. Thank you so much for watching. I hope you found this useful. We'll have a new episode of Hands on Windows every Thursday. You can find out more at Twitter tv. H O W. Thank you for watching. Thank you especially to our Club Twit members. You know we love you, but you're not a club Twitter member. Do consider joining and you can find out more about that at Twitt tv. Club Twit. Thank you. I'll see you next week.