Scene Hook

Last week at a café, I watched my computer auto-fill a client dashboard password, and suddenly broke into a cold sweat—my passwords might have been exposed long ago.

I used to cut corners, storing dozens of client dashboard passwords all in the Edge browser—I've also fallen into that 'convenience costs you dearly' trap. Those of us working solo, our computers hold our entire livelihood. If client data leaks through our browser, our reputation is destroyed. Microsoft Edge recently got exposed for a major vulnerability: it stores all your saved passwords in plaintext (unencrypted raw text) in your computer's memory (where data is temporarily stored), even if you never use it. As long as your computer gets a trojan, or someone else touches your computer, all passwords are leaked.

What It Is + Who Is Using It

The fix is simple: don't use your browser to store passwords—switch to a professional password manager. My friend Lao Li (a fellow solopreneur in Shanghai), last month at a coworking space, stored his client's payment platform passwords in Edge, and his computer got a trojan—client accounts were nearly compromised. He was so scared he switched tools overnight. Security-conscious folks stopped using browsers for passwords long ago. They all use open-source password managers like Bitwarden, which locks your passwords in an encrypted vault that only your master password can open.

Replicate Cost Today

Money: $0 (free version is enough)
Time: 15 minutes
Technical barrier: Just need to know how to download and install software, no coding required
First step: Go to Bitwarden's official site and click 'Get Started' to register an account

Advice by Stage

Just starting out: If your business is just starting and you don't have many accounts, first turn off the browser's auto-save feature. Writing them in a notebook works too—this tool isn't for everyone, no problem if you don't try it now.

1–2 clients: If you're holding client data, I'd suggest installing a password manager right away and moving client-related passwords there. Stop letting client info run naked.

Scaling up: If your team has a few people, absolutely use an enterprise password manager to centrally manage passwords. Otherwise, one employee gets hit and the whole company suffers.