Tools

Solutions and ideas for password sharing policies

Using KeePass? For shared organisational KeePass (with organisational accounts, e.g. Twitter), "authoritarian approach" worked: enforcing a strong password that is kept in personal KeePass database.
Change master password for organisational KeePass every six months, or when staff leaves (includes also changing passwords to organisational accounts)
- or have several shared KeePass databases, which would facilitate different groups working together
- everyone keeps a copy of the KeePass databases on their computer, there is one person who manages each shared KeePass database and distributes it among people using (encrypted) email or project management system
- when people create passwords that should be shared, it is emailed to the appropriate person who is managing passwords, and this person distributes it

Keep the backup of the passwords for organisational accounts (even if this is managed by one person)
Separate personal communications from organisational communication.
When changing passwords, always store it in KeePass and backup KeePass database
Whenever possible, avoid sharing passwords and keep personal accounts separate and private.
Have an administration account system that is managing the group of accounts, and create space for storing the memory of the organisation in a space that is co-accessible.
In some instances, you may design a password management system not (initially) based on password management software. Some ways to approach this include:
- identify key accounts (social media, org email, ebank, etc.) and then use accounts grouping if possible, and have a person responsible for managing a grouping of accounts,
- introduce strong password skills,
- introduce secure passwords sharing communication channels (signal, crypto.cat)

This page contains: