The post-it on your monitor isn't a security strategy
When I look at how small (and not-so-small) organisations handle passwords, the solution is usually one of these: a shared Excel file, a Notion page, Post-its on a monitor (really), an identical password everywhere, or my favourite: “ask Maria, she knows them all”.
The obvious fix for this is a password manager. Most people have heard (and ignored) that advice a million times. But there’s a feature in most of them that rarely gets a mention, and it’s the one that can really make a difference for teams: shared vaults.
It’s pretty straightforward. Instead of every team member storing company passwords in their own personal password manager vault (or their head, or that Excel sheet…), you create a shared vault for the team or even for a specific project. Then everyone with the proper access can use the passwords stored inside it.
The interesting part is the permission levels. You can give someone “read-only” access to the vault, which lets them log in to services without ever seeing or being able to change the passwords. They click, they log in, they do their work. All this without ever knowing the passwords.
And when someone leaves the organisation, whether on good or bad terms, you don’t have to go round changing every password they might have used. You simply revoke their access to the shared vault and you’re done. No more “did anyone change the Canva password?” two weeks later.
Most well-known password managers offer something like this (Bitwarden, 1Password, …). Just pick the one that works for you and your budget.
It won’t fix everything, but it’ll fix the scenario where someone walks out the front door with a laptop and a grudge.
Colin