We never thought too hard about password managers. Apple’s built-in Keychain had done the job well enough for us—it was seamless, secure enough, and tucked neatly into the Apple ecosystem. But when we started thinking more seriously about digital hygiene, we quickly realized how much we didn’t know—about how these tools actually work, or what else was even out there.
We’re generally the kind to wonder how things work. But a lot has changed online since the early days of building Sailor Moon fan pages with hand-coded HTML. Back then, a password was just what you used to log into AIM. Now it’s the first line of defense—not just for sensitive information, but for the finer details of your life, personal or otherwise.
Taking on this piece was a chance to revisit that original curiosity. To look more closely—not just at the tools we trust (and sometimes take for granted), but at what happens when I navigate one for myself and learn how to choose one intentionally.
Getting a Feel for the Vault
We didn’t dive in with everything figured out. We started with the basics: downloaded Bitwarden, created an account, and set a master password I wouldn’t forget (important side note: Bitwarden doesn’t have a recovery option for this).
Then I saved my newly updated Gmail login.
Next came a small test case: my ChatGPT account. That one uses “Sign in with Apple” and a relay email—no password to save, really—but we added a quick note for it anyway. It wasn’t strategic, but it was enough to begin. And maybe that’s the point.
Password management doesn’t have to be everything all at once. We can start with one step, and Bitwarden makes that feel possible.
Why I Didn’t Import Everything (Yet)
Bitwarden offers to transfer browser-saved passwords or app-exported passwords as CSV files. I’ll explore that later, but it didn’t feel urgent.
Part of that was practical: most of the passwords stored in my Apple Keychain were for things I hadn’t used in years—free trials, one-time logins, forgotten Wi-Fi networks. Importing all of that would’ve felt like bringing a junk drawer into a new apartment.
The other part was personal. I wanted to trust the tool before handing over everything. I wanted to feel how Bitwarden worked before giving it a full “yes.” So I added just a couple logins manually. That kept things clean and clutter-free for now.
The iCloud Relay Quirk
The other day, I went to send an email from the Mail app on my Mac. Just as I hit Send, I was suddenly prompted to log back into my account. There were two options: use Passkey, or sign in manually. I’d already disabled Apple Passwords and Autofill at that point, so I figured—no problem. I unlocked Bitwarden, copied the password I had saved, and tried to log in that way.
Turns out I hadn’t saved the updated Gmail password—the one that had been generated by Apple Keychain. So I was pasting in something I’d already changed and forgotten. Still not ready to give in to Passkey, I tried two-factor authentication next. Surely it would just send a code to my phone and I’d be in.
That also failed, though the exact reason escapes me now. Eventually, I got a message saying a password reset would be sent… in 48 hours.
Not wanting to wait, I gave in: re-enabled Apple Passwords and Autofill—and with them, Passkey. When I did, it prompted me with that familiar question:
Do you trust this connection?
And honestly, after all that?
How could I say no?
Adding 2FA: One Layer Deeper
Once I had a few logins saved and felt more comfortable navigating the vault (Bitwarden’s term for your dashboard of saved items), I turned to two-factor authentication (2FA). Bitwarden supports 2FA for your login—an extra layer of security beyond the master password. It felt like the natural next step.
2FA is like adding a second lock to your door. The first is your password. The second is usually a time-sensitive code from a separate app—something only you have access to. Even if someone steals your password, they can’t get in without that second key.
I tried Authy first, but no luck: no Mac support unless you’ve already installed it. Google Authenticator didn’t work out either. So I went with Raivo OTP, a clean, open-source option made for Apple users. Simple, quiet, and just enough.
Setting it up was straightforward. Bitwarden generated a secret key during setup, which I copied into Raivo manually. I labeled the entry, saved it, and used the six-digit code it produced to finalize the setup. I also saved my backup codes in Bitwarden (don’t skip this step).
Final Thoughts (for Now)
Setting up Bitwarden with two-factor authentication wasn’t complicated, but it did require focused steps. We had to decide what to bring in, what to leave behind, and how to protect what we were building.
And in the process, we didn’t just start using a password manager—we started understanding it.
This is still in progress. We’ve still got more accounts to move, and a few old habits to unlearn. Like letting tools do the thinking for us just because they’re convenient. But we have a foundation now. And that feels like a good place to start.
Key Takeaways
- Bitwarden is open-source, free to start, and gives you full control over your vault.
- You don’t have to import everything right away—starting slow is okay.
- 2FA is a good next step after you’ve added a few logins.
- Raivo OTP is a great option for Mac/iOS users who want an open-source 2FA app.
- Bitwarden won’t recover your master password. Write it down or memorize it well.
- Sometimes using a new tool is less about productivity, and more about paying attention.