I just got a breach notification — do I need a password manager

A breach notification is the moment when 'I should probably do something about my passwords' becomes 'I need to do something about my passwords now.' The notification usually tells you an email address and possibly a password appeared in a leaked dataset. What it rarely tells you is whether those credentials were actively used to access your accounts, what other accounts share that password, and whether you need to act in the next hour or the next week.

A password manager doesn't undo a breach. What it does is change your position for every future breach: instead of reusing the same password across 40 accounts, each account has a unique credential, so a single leak affects only one service. The window between 'breach notification' and 'complete credential rotation' is exactly when the value of a password manager becomes concrete rather than theoretical.

Quick answer

You need to act now and want free + unlimited

Bitwarden — set up in 10 minutes, import or start fresh, unlimited devices at no cost

You want breach monitoring so you hear about future incidents faster

Dashlane — dark web monitoring on 20 billion records included in Premium; alert before the notification reaches you

You want URL metadata encrypted so a future breach can't map your account list

Proton Pass — encrypts URL data that most managers store in plaintext

When it matters

Change the password on the breached account first — use a strong, unique password you won't remember, and store it in the manager you're setting up
Identify accounts that shared that password — email search for 'welcome' or 'verify your account' with the affected email address reveals services where you're registered. Change passwords on all of them, starting with banking and email
Change your email account password regardless — email is the recovery key for every other account. If your email is compromised, everything else can be reset through it
Enable two-factor authentication on critical accounts — banking, email, and anything with payment information. A breached password matters less if the attacker also needs your phone

You don't need to change every password in 48 hours. You need to change the ones an attacker can do real damage with. The rest can follow over the next week as you migrate into the password manager.

When it fails

Credentials already in circulation cannot be recalled — changing a password removes future risk; it doesn't erase the fact that the old credential exists in attacker datasets
If your email was the breach vector, act there first — a password manager protecting 200 accounts is less valuable if the attacker can reset all of them via a compromised email
Breach monitoring tells you about past incidents — it doesn't prevent breaches on the services you use. It reduces the lag between a breach occurring and you finding out

How providers fit

Bitwarden fits if you want to set up quickly at no cost. The free tier is fully functional from day one. Import from Chrome, Firefox, or Safari takes under 5 minutes. The vault health reports (available on Premium) flag weak, reused, and exposed passwords — exactly the audit you need post-breach.

Dashlane fits if proactive breach monitoring is the priority alongside a new manager. The dark web monitoring on Premium scans 20 billion records and will alert you when your credentials appear in future incidents — reducing the lag between breach and notification.

Proton Pass fits if the breach made you re-evaluate what metadata your password manager stores. Proton Pass encrypts URL data — the field the 2022 LastPass breach exposed as a gap that standard zero-knowledge doesn't cover.

Bottom line

Bitwarden for most people — get set up quickly, start rotating passwords, use vault health reports to identify remaining reused credentials. Dashlane if you want ongoing monitoring to catch future incidents faster. Proton Pass if the breach changed your thinking about what metadata a trusted tool should store.

My password manager was breached — what do I do Password managers with dark web monitoring How to switch password managers without losing data Quick decision: after a breach