Phase 1~1 hourEasy

1.6 Password Manager and Account Ownership

Prerequisites

Before you start, make sure you have:

A phone or computer
1 hour

Step-by-Step

Choose a password manager

Bitwarden (free, open source, recommended), 1Password (~$3/mo, excellent), or Dashlane (free tier). Avoid storing passwords in your browser.

Create your master account

Use a strong, unique password you can actually remember. Enable two-factor authentication (2FA) using an authenticator app. Write your master password on paper and store it physically somewhere secure.

Create a Digital Assets vault

As you work through this guide, add every account to your vault immediately after creating it. Store: URL, username, password, 2FA backup codes, account email, and any account number.

Document account ownership separately

Create a simple spreadsheet with: platform, what it’s for, who owns it, login email, and date created. This is your “digital assets register.”

Audit any existing accounts

If you’ve already got a website, hosting, domain, or Google account, find the logins now. Confirm everything is under YOUR email address and YOUR payment method.

Share access correctly

Never give contractors your master password. Use each platform’s built-in role/access system. Grant access, don’t share credentials.

Visual Reference

See Bitwarden's getting started guide for screenshots of the vault interface, creating entries, and setting up 2FA.

Common Mistakes to Avoid

Letting your web designer register your domain — if they own the account, they own your domain. This is one of the most common ways businesses lose control of their digital assets.
Letting agencies create ad accounts, analytics, or social profiles under their own logins — when you stop working together, they take your data, your ad history, and your audience with them. Every account should be created under YOUR email, with agency access granted via each platform’s built-in permissions (e.g., Google Ads Manager accounts, Meta Business Manager partner access).
Using the same password everywhere — one breach compromises everything
Not saving 2FA backup codes — getting locked out of Google or Meta costs days
Using your personal email for business accounts — creates confusion when staff change
Signing long-term contracts without data ownership clauses — your conversion data, keyword research, and audience insights are valuable assets. Ensure your contract specifies you own the data.

Pro Tip

Create a dedicated business email address ([email protected]) for account registrations only. Never use it for communication. This creates a clean handover trail.

You're Done When

Password manager installed and master account created with 2FA
All existing accounts documented in vault
Digital assets register started
Domain, hosting, and Google accounts confirmed to be under your ownership

That's a solid afternoon's work.

We knock it out before lunch. Literally.

Get Your Free Audit Book a Call

Next: Tracking Checkpoint→← Back: 1.5 Transactional Email View all sections