Let me cut straight to it: the single most impactful security upgrade your organization can make is adopting a password manager.

Not two-factor authentication (though that’s important too). Not a fancy firewall. Not a security audit. A password manager.

The problem

Here’s what I see at nearly every nonprofit I work with:

  • Staff sharing passwords via Slack DMs or Google Docs
  • The same password used across multiple services
  • “Password123!” variations that feel secure but aren’t
  • No process for revoking access when someone leaves
  • Post-it notes on monitors (yes, still)

Any one of these is a breach waiting to happen. Combined? It’s a miracle more organizations haven’t been compromised.
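To see how much of this is already sitting in a browser's saved logins, here is an added example (not part of the original post) that audits a password export for reuse and for "Password123!"-style variations without ever printing a password. The sample rows are constructed, the column names assume the name,url,username,password layout of Chrome's password export, and the base-word list is a short assumed one for the demo.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export; none of these are real credentials.
SAMPLE_EXPORT = """name,url,username,password
donor-crm,https://crm.example.org,ops@example.org,Password123!
mail,https://mail.example.org,ops@example.org,Password123!
payroll,https://payroll.example.org,ed@example.org,Summer2024!
bank,https://bank.example.org,ed@example.org,vT9#qLw2zR!8mXc4
wiki,https://wiki.example.org,ops@example.org,P@ssw0rd1
"""

# Assumed demo list; a real audit would use a much larger word list.
COMMON_BASES = {"password", "welcome", "summer", "winter", "admin", "letmein"}
LEET = str.maketrans("@4301$5", "aaeoiss")  # undo common character swaps

def passes_complexity(pw):
    """Typical complexity rule: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= 8 and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw) and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def base_word(pw):
    """Strip the trailing digits/symbols, undo swaps, look up what is left."""
    core = re.sub(r"[\d\W_]+$", "", pw).lower().translate(LEET)
    return core if core in COMMON_BASES else None

def audit(export_csv):
    by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        by_password[row["password"]].append(row["name"])
    # Groups of services that share one password.
    reused = sorted(sorted(names) for names in by_password.values() if len(names) > 1)
    # Entries built on a common word, with whether they pass the complexity rule.
    predictable = sorted(
        (name, base_word(pw), passes_complexity(pw))
        for pw, names in by_password.items() if base_word(pw) for name in names)
    return {"reused": reused, "predictable": predictable}

if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    for names in report["reused"]:
        print("same password on:", ", ".join(names))
    for name, base, complex_ok in report["predictable"]:
        print(f"{name}: variation of '{base}' (passes complexity rule: {complex_ok})")
```

Every flagged entry in the sample passes the usual complexity rule, which is why these variations feel secure. The export file itself holds every password in plaintext, so delete it as soon as the audit and import are done.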

Why 1Password specifically

I’ve used and evaluated basically every password manager on the market. For organizations — especially progressive nonprofits — 1Password is the clear winner:

  • Team vaults let you share credentials securely (no more Slack DMs)
  • Travel Mode protects sensitive data at borders
  • Watchtower alerts you to compromised passwords
  • Admin controls let you revoke access instantly when someone leaves
  • The UI is actually good — this matters for adoption

The onboarding process

This is where most organizations fail. They buy the licenses but never actually get everyone set up properly. Here’s what a good onboarding looks like:

  1. Import existing passwords from browsers and other managers
  2. Set up the browser extension and mobile app
  3. Create shared vaults organized by team or function
  4. Enable two-factor authentication on the 1Password account itself
  5. Train the team on daily workflow (generating passwords, sharing securely, emergency access)

I’ve done this for dozens of organizations now, and the pattern is always the same: 30 minutes of setup, followed by months of “I can’t believe we didn’t do this sooner.”

What about the cost?

1Password for Teams starts at $4/user/month. For most nonprofits, that’s less than one staff lunch.

Compare that to the cost of a breach: legal fees, donor notification, reputation damage, lost productivity. The math isn’t even close.

Take action today

If your organization doesn’t have a password manager, here’s what to do right now:

  1. Go to 1password.com and start a trial
  2. Get yourself set up first
  3. Then reach out to me at passwordsetuphelp.com if you want help getting your whole team onboarded

This post was originally published on Mission Control, my newsletter.