Password Manager

Compartmented credential management and rotation.

When to use

• Unique creds per site/service.
• Per‑identity vault separation.

When not to use

• Storing secrets without 2FA on the vault.
• Auto‑filling across mixed identities in one browser.

What to look for

• Strong encryption, audited design, zero‑knowledge architecture.
• Shared items via explicit vaults, not ad‑hoc exports.
• Good CLI for automated rotations and reporting.

OPSEC tips

• Separate vault per identity; separate browser profile as well.
• Use passphrases + hardware key unlock where supported.

Common mistakes

• Reusing passwords or patterns across compartments.
• Exporting unencrypted CSVs to disk.

Setup (generic)

1. Create vaults per identity; disable cross‑profile autofill.
2. Turn on hardware‑key unlock.
3. Generate unique passwords; rotate weak ones.

Related: Hardware Keys, Encrypted Email