Back in 2012, we implemented an organization-wide password manager here at NTEN, finally replacing our comically insecure “Shared Passwords” document, and the all-too-common practice of reusing the same password across a variety of different sites.
The idea of using a password manager had been on our radar for several months, but we had any number of excuses for why “now” wasn’t the right time:
- We’ve never had issues with our “Shared Password” document to this point.
- No hacker wants access to our accounts as a small nonprofit, so “admin” is a fine password to keep using everywhere.
- There are a lot of reports saying password managers themselves can be insecure.
- We already have too many systems, so I don’t want to force staff to learn yet another one.
- We’re too busy right now, so maybe we can implement this next year.