How to: passwords, passkeys & MFA 🔑
These step-by-step guides will help you complete each item on the IT security checklist for employees .
Store your passwords in the password manager
Reusing or memorising passwords leads to weak, predictable choices — a password manager lets you have a unique, complex password for every account without having to remember any of them.
- How to set up the Proton Pass macOS app
- How to set up Proton Pass for Windows
- How to use the Proton Pass desktop app
- How to use the Proton Pass browser extension
- How to use Proton Pass on your iPhone or iPad
- How to use Proton Pass on Android
Use passkeys
Passkeys replace passwords entirely with a cryptographic key stored on your device, making phishing and credential theft practically impossible.
- Passkey compatible devices & browsers
- How to use Proton Pass passkeys
- Guides per device:
- Passkeys on MacOS
- Passkeys on Windows
- Passkeys on iPhone
- Passkeys on Android
Export & import passwords to Proton Pass
Moving your existing passwords into Proton Pass in one go means you're fully protected from day one, with no accounts left behind in less secure places.
- Step 1: Export your passwords from your browser/old password manager:
- Step 2: Import your passwords to Proton Pass
- Proton manuals: export & import passwords
Delete saved passwords from browser(s)
Browsers offer far weaker protection for stored passwords than a dedicated password manager, so leaving copies there undermines the security you've just set up.
- Google Chrome: Delete saved passwords
- Firefox: Edit or delete a login with the Firefox Password Manager
- Brave: How do I delete my data in Brave? > Deleting individual data types
- Microsoft Edge: View or edit your passwords in Microsoft Password Manager
- Safari (Mac): Find saved passwords and passkeys on your Mac
- Safari (iPhone): Find saved passwords and passkeys on your iPhone
Turn off automatic password saving in each browser
If your browser keeps offering to save passwords, it's easy to accidentally store new ones there instead of in your password manager. Turning this off keeps everything in one secure place.
- Google Chrome: Turn off: "Offer to save passwords and passkeys".
- Firefox: Disable password saving in Firefox
- Brave: Toggle off "Offer to save passwords."
- Microsoft Edge: How to disable Microsoft Password Manager
- Safari (Mac): Turn off Passwords in iCloud settings
Replace weak passwords with strong passwords generated by the password manager
Weak or reused passwords are the single most common way accounts get compromised. Replacing them with randomly generated ones closes that vulnerability for good.
Proton Pass:
- Step 1: Find your weak passwords using Pass Monitor
- Step 2: Replace the weak password with a generated one
Enable MFA/2FA on all your business accounts
Even if a password is stolen, MFA means an attacker still can't get in without a second factor that only you have.
Start with the ones with the most sensitive data! (E.g. financial data in accounting software, customer/donor data in CRM, etc.) Where possible, admins are advised to enforce MFA for all users organization-wide via the Admin settings, removing the need for users to change their settings individually.
