Using Bitwarden to manage passwords

A comprehensive guide to using Bitwarden password manager at Vaxa for securely managing work and personal passwords
Print this page

This guide explains how to use Bitwarden, Vaxa’s password manager, to securely store and manage passwords. Whether you’re new to password managers or already familiar with them, this guide will help you get the most out of Bitwarden while keeping your credentials secure.

Introduction to password managers

If you’ve never used a password manager before, think of it as a secure digital vault for all your passwords. Just as you might use a safe to store important documents, a password manager securely stores all your passwords in one encrypted location.

Why do we need password managers?

Most people struggle to remember unique, strong passwords for every website and application they use. This leads to common security problems:

  • Password reuse: Using the same password across multiple sites means if one site is compromised, all your accounts using that password are at risk.
  • Weak passwords: Passwords that are easy to remember (like “Password123” or your pet’s name) are also easy for attackers to guess.
  • Written passwords: Writing passwords on sticky notes or in unencrypted documents creates security risks.
  • Password fatigue: The mental burden of managing dozens or hundreds of unique passwords is overwhelming.

How does Bitwarden solve these problems?

  • One master password: You only need to remember one strong master password to access all your other passwords.
  • Strong, unique passwords: Bitwarden can generate long, random, unique passwords for every account, making them virtually impossible to guess or crack.
  • Encrypted storage: All your passwords are encrypted with industry-standard encryption, protecting them even if someone gains access to Bitwarden’s servers.
  • Cross-device sync: Access your passwords on your computer, phone, and tablet—they’re always available when you need them.
  • Convenient auto-fill: Browser extensions and mobile apps can automatically fill in your credentials, saving time and reducing typing errors.

In essence, Bitwarden makes it easy to follow security best practices without adding complexity to your daily workflow. It’s an essential tool for protecting both our organisation’s security and your personal digital security.

Getting Started with Bitwarden

Accessing Your Work Bitwarden Account

Your Bitwarden account will be set up as part of your onboarding process. You’ll receive a Bitwarden login email.

This email will be delivered to your Vaxa email address. Follow the steps to setup your account and set a secure master password and two-factor authentication (2FA).

Setting your master password

Your master password is the key to your entire password vault, so it needs to be:

  • Strong: Ideally at least 12-16 characters long, combining letters, numbers, and symbols.
  • Memorable: You’ll need to remember this password, assume it cannot be reset if forgotten.
  • Unique: Don’t use this password anywhere else.

Tip: Consider using a passphrase—a series of random words strung together (e.g., “correct-horse-battery-staple-mountain-7”). Passphrases are both strong and easier to remember than random character strings.

Installing Bitwarden

Bitwarden is available on multiple platforms:

  • Browser extensions: Available for Chrome, Firefox, Safari, Edge, and other major browsers. This is the most convenient way to use Bitwarden day-to-day. We pre-install this in our preferred browser, Edge, so you just need to log in.
  • Desktop Apps: Native applications for Windows, macOS, and Linux. In macOS, this is available in your Managed Software Centre, if not already installed by default.
  • Mobile Apps: Apps for iOS and Android.
  • Web Vault: Accessible at https://vault.bitwarden.com from any browser.

We recommend using the browser extension on your work computer as your primary method of accessing Bitwarden.

Basic navigation

Once logged in, you’ll see:

  • My Vault: Your personal password storage area.
  • Collections: Shared password collections for client work (more on this below).
  • Password Generator: Tool for creating strong, random passwords.
  • Settings: Account configuration, security settings, and preferences.

Using Bitwarden for work

Storing Your personal work passwords

Your personal work passwords should be stored in “My Vault”. These include:

  • Your email account password
  • Work applications and software
  • Internal systems and tools
  • Any other credentials that are unique to you

To add a new password:

  1. Click the “+” button or “Add Item”
  2. Select “Login” as the item type
  3. Enter the name of the service, username, and password
  4. You can also save the 2FA information here too, by getting the authenticator secret for the login and adding it to the “Authenticator Key” field (or you can use the ‘camera’ icon to scan a QR code if it’s on your screen).
  5. Click “Save”

Tip: Use Bitwarden’s password generator when creating new passwords. Click the generate icon (⟳) in the password field to create a strong, random password.

Using client collections

Collections are shared vaults where teams can store and access passwords related to specific clients. This is essential for collaborative work where multiple team members need access to client systems.

What belongs in client collections?

  • Client website and CMS credentials
  • Client application logins
  • Client service account credentials
  • Shared access to client tools and platforms

What should NOT be in client collections?

  • Your personal work passwords
  • Client credentials that only you should access i.e. unique to you.
  • Personal passwords unrelated to work

Accessing a client collection:

  1. Navigate to the “Collections” section in Bitwarden
  2. Click on the relevant client collection
  3. You’ll see all passwords shared within that collection
  4. Click on any item to view or copy credentials

Adding passwords to a collection:

  1. Create a new item or edit an existing one
  2. In the “Collections” section at the bottom, check the box for the relevant client collection
  3. Save the item

Your collection permissions are managed by the client owner. If you need access to a collection that isn’t visible to you, contact your manager or the client owner.

Auto-Fill and using credentials

When you visit a website stored in your Bitwarden vault:

  1. Click the Bitwarden extension icon in your browser
  2. Find the matching login entry
  3. Click it to auto-fill your credentials
  4. Or use the keyboard shortcut (usually Cmd/Ctrl + Shift + L)

The browser extension will also offer to save new credentials when you log into a site that’s not yet in your vault.

Personal Bitwarden (free benefit)

As a Vaxa staff member, you receive a sponsored Bitwarden Families organisation as an employee benefit. This allows you to securely manage your personal passwords and share them with up to 5 friends or family members. We strongly encourage you to use this for your personal security—it helps keep your work and personal lives separate and secure.

Why separate work and personal passwords?

  • Security boundaries: Keeps work and personal credentials separate, reducing risk if one is compromised. Vaxa has no access to your personal/family accounts—it’s completely private.
  • Privacy: Your personal passwords remain private and under your control.
  • Continuity: If you leave the organisation, you retain access to your personal Bitwarden account (though you may need to start paying for the subscription if you want to keep the Families features).

Vaxa has no visibility into your personal Bitwarden account or the passwords stored within it.

What to store in your personal Bitwarden:

  • Banking and financial accounts
  • Social media accounts
  • Personal email accounts
  • Shopping and subscription services
  • Personal documents and secure notes
  • Any other non-work-related credentials

What’s included in your sponsored Families organisation?

The sponsored Families plan includes premium Bitwarden features for all your users:

  • Unlimited password storage and sync across all devices
  • Advanced two-factor authentication (2FA) methods
  • Encrypted file attachments
  • Emergency access
  • Secure password sharing within your family group
  • 1 GB of encrypted storage (additional storage available for purchase)

Redeeming your sponsored Families organisation

Your personal Bitwarden Families organisation is completely separate from your work account—you’ll need a different master password and email address (your personal email) to set it up.

To redeem your free Families organisation:

  1. Log in to your work Bitwarden account at https://vault.bitwarden.com
  2. Navigate to SettingsFree Bitwarden Families
  3. Enter your personal email address (not your work email)
  4. Select Redeem
  5. Check your personal email inbox for an invitation from Bitwarden
  6. Follow the link in the email to accept the offer
  7. Either log in with your existing personal Bitwarden account or create a new one
  8. Complete the setup by naming your new Families organisation

Important notes:

  • If you already have a personal Bitwarden account, use that email address when redeeming
  • If you don’t have a personal account yet, you’ll create one during the redemption process
  • Your personal Bitwarden Families organisation must be accessed at https://vault.bitwarden.com (the same URL as your work account, but using your personal email to log in)
  • You can easily switch between your work and personal accounts using Bitwarden’s account switching feature
  • As long as you’re employed at Vaxa, your Families organisation is completely free
  • You should follow the same good security practices outlined in this guide when using your personal Bitwarden account

For detailed step-by-step instructions and troubleshooting, see the official Bitwarden guide on redeeming Families sponsorships.

Best practices

Creating strong passwords

When using Bitwarden’s password generator, we recommend:

  • Minimum 16 characters for high-security accounts (email, banking, admin accounts)
  • Minimum 12 characters for standard accounts
  • Include uppercase, lowercase, numbers, and symbols
  • Avoid dictionary words or personal information

When to share passwords vs. when not to

Share passwords via collections when:

  • Multiple team members need access to the same client resource
  • You’re collaborating on a project requiring shared credentials
  • You need to provide temporary access to a colleague

DON’T share passwords when:

  • They’re your personal work credentials
  • The system supports individual user accounts (create separate accounts instead)
  • Sharing would violate client agreements or security policies
  • You’re unsure—ask your manager or IT first

Never share via:

  • Email, Slack, or other messaging systems
  • Unencrypted documents or spreadsheets
  • Verbal communication in public spaces
  • Screenshots or photos

Refer to our Information Security Policy for more details on our approach to information security.

Keeping Bitwarden Updated

Ensure you’re running the latest version of Bitwarden:

  • Browser extensions typically update automatically
  • Check for desktop and mobile app updates regularly
  • Security updates are critical—install them promptly

Generally, on work devices, updates will be pushed to your device but you should be sure to accept and install them when prompted.

Getting Help

If you encounter issues with Bitwarden or have questions about password management:

  • IT Support: For technical issues, account access, or collection permissions
  • Information Security Group: For security-related questions or concerns
  • Bitwarden Documentation: https://bitwarden.com/help/ for detailed guides

Remember, using Bitwarden correctly is one of the most impactful security practices you can adopt—both for protecting our organisation and for your personal digital security. If you’re ever unsure about how to handle a password or credential, ask for help rather than taking a shortcut that could compromise security.

Last modified December 19, 2025: Merge pull request #18 from vaxa-tech/add-new-policies (681b088)