This article is part of my Cybersecurity Hygiene Series - I recommend reading the background information about the series first to understand how these tips are structured. See this post: Cyber Security Hygiene.
Use a Password Vault/Manager
If you follow the rather important good practice of having a unique password for every account. You will immediately be challenged by the sheer number of different credentials that will be needed to authenticate with all these accounts. A Password Manager (I prefer vault because they are encrypted) is an encrypted storage location to keep all these different credentials (and potentially other secrets too - more on that later) organized and secure.
So what is it? It is a piece of software and an encrypted database. It might be something you pay for as a service that lives in the cloud or it might be software you run on your local machine with a file stored somewhere you choose. Both of these end up providing the same end-result. You store all your secrets in this "vault" and remember a single password that you use to "un-lock" the vault. When you need one of the entries, you unlock the vault and it can automatically enter your username and password (or other secret) into web sites and/or applications as needed.
Why?
With the many hundreds of credentials (passwords etc...) you wind up with in our modern lives, password vaults/managers are effectively an essential. They also provide a host of other useful features. In fact, once you get used to having one it will usually save you so much time, you'll wonder how you ever lived without one.
Imagine never having to type in a password and never even having to make one up! Many of my cybersecurity colleagues joke about the fact that we basically don't even know our passwords any more. It's no laughing matter though, we really don't. That is because we let the password manager generate long strings of gibberish that are effectively un-guessable and then auto-paste them into the application that needs them. We never need to type them in and don't even see them. It saves so much time that now, any time I actually do need to type in my password, I feel slightly annoyed.
As you'll see later though, you don't need to restrict this to just passwords. (Hint: never type in your credit card number on a web site again either!) stay tuned for more on that.
What Do I Do?
Using a password vault is fairly simple (see the bonus tip for some discussion about what type to use). First, you choose a strong master password for the vault. This should be something never before used, at least 20 characters long and difficult to guess. Never use this password anywhere else and ensure you don't forget it!
Then you simply use the vault to store ever new credential you need. If you already have a lot of accounts, especially if they use the same password or a weak (short) password - this is a great time to change them to something unique and secure. All password vaults include a generator that will create gibberish passwords for you at some given length and can even meet the password complexity rules that archaic web sites sometimes still require (hint, there is no good reason for those complexity rules)
You will usually enter a title for the credential, the URL of the service (assuming it's a web application), the username, the password, and there is also a space for notes, custom fields, and even associated file attachments (for the geeks: yes you can store your SSH keys in here).
Then, next time you actually need to login to this service, depending on the tool, it will either just offer to enter the password for you once you unlock the vault or you may need to press a specific key combination. In most cases the vault will also act like a bookmark for the site, allowing you to open the site in a web browser directly from the vault. This is much more secure than typing in web addresses manually.
More Than Just Passwords!
You can store all sorts of things in a password vault. Most allow file attachments and custom text entries. Things I recommend you consider storing in addition to passwords:
Credit card and account numbers: because then you never need to type them in again or try to read them off a fading card, or if you loose the card you still have the number.
Other ID numbers: Drivers License, passport, other IDs, etc... again in case they ever get lost or even while you're travelling
Photos of your ID: also in case it ever gets lost (think travel again)
Software license keys: these are less and less common but a vault is the perfect place to store them securely.
A copy of your will and other important documents. While some find it a bit morbid, planning for unfortunate events can be very important for your loved ones. I give the unlock-code for my password vault to my partner and it's also stored along with the printed copy of my will. Should anything ever happen to me, this gives them access to everything they need to know to deal with my online existence. I even have an entry in my Keepass with specific instructions including contacts of people that can assist and who should be notified should such an event occur (it's the very first entry)
Bonus Tips:
People debate which is better, a vault you run locally and control yourself like Keepass vs one that you pay for as a service in the cloud like Bitwarden. First and foremost - using ANY password vault is so much better than not using one, this debate is pointless by comparison. However, here are some of my thoughts on the matter:
Managers like Keepass (or it's prettier but feature limited clone KeepassXC) give you full control and provide the slight security benefit of not being tied to a cloud-vendor and not being tied to a web browser by default. However, you need to sort out syncing yourself (usually by storing the vault file on some file-share or setting up manual sync)
The cloud based password managers make syncing across multiple devices easier for the less technical and come with support for those that need it. They tend to expect browser integration which is a plus for some and a negative for others.
In the end, I would suggest that less technical folks opt for the service option and the more technical folks try Keepass first (I use Keepass) but regardless of which way you go, use a vault, any vault!