Let me cut straight to it: the single most impactful security upgrade your organization can make is adopting a password manager.
Not two-factor authentication (though that’s important too). Not a fancy firewall. Not a security audit. A password manager.
The problem
Here’s what I see at nearly every nonprofit I work with:
- Staff sharing passwords via Slack DMs or Google Docs
- The same password used across multiple services
- “Password123!” variations that feel secure but aren’t
- No process for revoking access when someone leaves
- Post-it notes on monitors (yes, still)
Any one of these is a breach waiting to happen. Combined? It’s a miracle more organizations haven’t been compromised.
Why 1Password specifically
I’ve used and evaluated basically every password manager on the market. For organizations — especially progressive nonprofits — 1Password is the clear winner:
- Team vaults let you share credentials securely (no more Slack DMs)
- Travel Mode protects sensitive data at borders
- Watchtower alerts you to compromised passwords
- Admin controls let you revoke access instantly when someone leaves
- The UI is actually good — this matters for adoption
The onboarding process
This is where most organizations fail. They buy the licenses but never actually get everyone set up properly. Here’s what a good onboarding looks like:
- Import existing passwords from browsers and other managers
- Set up the browser extension and mobile app
- Create shared vaults organized by team or function
- Enable two-factor authentication on the 1Password account itself
- Train the team on daily workflow (generating passwords, sharing securely, emergency access)
I’ve done this for dozens of organizations now, and the pattern is always the same: 30 minutes of setup, followed by months of “I can’t believe we didn’t do this sooner.”
What about the cost?
1Password for Teams starts at $4/user/month. For most nonprofits, that’s less than one staff lunch.
Compare that to the cost of a breach: legal fees, donor notification, reputation damage, lost productivity. The math isn’t even close.
Take action today
If your organization doesn’t have a password manager, here’s what to do right now:
- Go to 1password.com and start a trial
- Get yourself set up first
- Then reach out to me at passwordsetuphelp.com if you want help getting your whole team onboarded
This post was originally published on Mission Control, my newsletter.