Password Managers for Practices: A Practical Setup Guide
We've been recommending password managers for over a year now. After the LinkedIn breach, Yahoo (twice), and every credential-stuffing attack in between, the case is clear: human beings can't maintain strong, unique passwords across dozens of accounts. Password managers can.
But "use a password manager" is advice. This post is the implementation guide. Here's exactly how to pick one, set it up, and get your whole team on board.
Which Password Manager
For business use, we recommend these options:
LastPass Teams/Business ($4-6/user/month)
Pros: Familiar interface, good browser extensions, shared folder support for team credentials, admin dashboard for managing users. Works on every platform.
Cons: Has had security incidents (encrypted vault contents were not exposed, but they are a reminder that your master password and 2FA are what protect you if the vendor itself is breached). Cloud-based, which some people are uncomfortable with.
1Password Teams/Business ($4-8/user/month)
Pros: Excellent security architecture, clean interface, "Travel Mode" for crossing borders, strong family plan option for employees. Great documentation.
Cons: Slightly steeper learning curve. Historically Mac-first, though Windows support has improved significantly.
Bitwarden ($3-5/user/month)
Pros: Open-source, very affordable, can be self-hosted for maximum control. Solid browser extensions and mobile apps.
Cons: Less polished interface. Smaller support team.
All three are solid choices. For most practices, LastPass or 1Password are the easiest to deploy and manage.
The Setup Process
Step 1: Admin Setup (30 minutes)
- Create the business account
- Set the password policy (minimum 14 characters for master password, require 2FA for vault access)
- Create shared folders/vaults for team credentials (one for practice-wide accounts, one per department as needed)
- Invite team members
Step 2: Individual Setup (15 minutes per person)
- Each team member creates their account with a strong master password
- Install the browser extension on their workstation
- Install the mobile app on their phone
- Set up two-factor authentication for their vault
- Import any passwords from their browser (Chrome, Firefox, Edge all export saved passwords to a CSV file), then delete the CSV, clear the saved passwords from the browser, and turn off the browser's own password saving so the password manager is the only copy
Step 3: Migrate Shared Credentials (1-2 hours)
- Identify all shared accounts (insurance portals, vendor logins, supply company accounts, etc.)
- Add them to the appropriate shared folder
- Generate new, strong passwords for each account using the manager's built-in generator (random, 20+ characters where the site allows it); the old ones have been on sticky notes and in spreadsheets, so treat them as exposed
- Remove passwords from sticky notes, spreadsheets, and shared documents
Step 4: Ongoing Management
- When someone leaves, disable their account immediately. That cuts off their future access to the shared folders, but anything they could view while they had access may have been copied or memorized, so also rotate the passwords for the shared accounts they could see. With shared folders this is a quick regenerate per account, and everyone else picks up the new password automatically instead of being handed it on a note
- When someone joins, add them to appropriate shared folders
- Periodically review shared folder membership
- Use the password manager's security audit feature to identify weak or reused passwords
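To show what that audit actually checks, here is an added Python script (not code from any of the vendors above, and not part of the original post) that you can run against a browser CSV export before you import it, and again against a vault export during a periodic review. It flags passwords reused across accounts, flags weak ones against the same 14-character floor the post sets for master passwords, and generates replacements with the operating system's random generator, which is what Step 3 asks you to do by hand. The sample rows are constructed, and the column layout name,url,username,password is assumed to match what Chrome and Edge export. Exports are plaintext, so delete the file as soon as you are done with it.

```python
import csv
import io
import secrets
import string
from collections import defaultdict

# Constructed sample in the column layout Chrome/Edge use when exporting saved
# passwords (name,url,username,password). Made-up data, not a real export.
SAMPLE_EXPORT = """name,url,username,password
Insurance Portal,https://portal.example-insurance.test,frontdesk,Summer2016!
Supply Co,https://orders.example-supply.test,frontdesk,Summer2016!
Payroll,https://payroll.example.test,office.manager,password123
Lab Results,https://lab.example.test,dr.smith,Kq8$vL2#pR9mZt4w
Vendor Support,https://support.example-vendor.test,frontdesk,Summer2016!
"""

MIN_LENGTH = 14  # the post's master-password floor, applied here to every account

# Small illustrative list; a real audit would check against a breached-password set.
COMMON_PASSWORDS = {"password", "password123", "123456", "qwerty", "letmein", "welcome"}

# Symbols that most web forms accept; avoids quotes and backslashes that some reject.
SYMBOLS = "!@#$%^&*-_=+"


def parse_export(csv_text):
    """Return rows (dicts with name/url/username/password) from a browser CSV export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row for row in reader if row.get("password")]


def find_reused(entries):
    """Map each password that appears more than once to the accounts sharing it."""
    by_password = defaultdict(list)
    for entry in entries:
        by_password[entry["password"]].append(entry["name"])
    return {pw: names for pw, names in by_password.items() if len(names) > 1}


def is_weak(password, min_length=MIN_LENGTH):
    """Weak if on the common list, shorter than min_length, or under three character classes."""
    if password.lower() in COMMON_PASSWORDS or len(password) < min_length:
        return True
    classes = sum((
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ))
    return classes < 3


def find_weak(entries, min_length=MIN_LENGTH):
    """Names of accounts whose password fails is_weak()."""
    return [e["name"] for e in entries if is_weak(e["password"], min_length)]


def generate_password(length=20):
    """Random replacement password from the OS CSPRNG (secrets), retried until it
    passes the same strength check the audit applies."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not is_weak(candidate, min_length=length):
            return candidate


def audit(csv_text, min_length=MIN_LENGTH):
    """Run both checks over an export and return the findings."""
    entries = parse_export(csv_text)
    return {"reused": find_reused(entries), "weak": find_weak(entries, min_length)}


if __name__ == "__main__":
    findings = audit(SAMPLE_EXPORT)
    for pw, names in findings["reused"].items():
        print(f"REUSED across {len(names)} accounts: {', '.join(names)}")
    for name in findings["weak"]:
        print(f"WEAK: {name} -> suggested replacement {generate_password()}")
```

On the sample data the script reports one password shared by three accounts and four accounts with weak passwords; the suggested replacements differ on every run because they come from the CSPRNG. The reuse check is the more important of the two: a reused password means one vendor's breach opens several of your accounts, which is exactly the credential-stuffing pattern the post opens with.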
Getting Buy-In from Your Team
The most common resistance: "It's one more thing to remember." Address this head-on:
- They only need to remember ONE password now (the master password), instead of dozens
- The browser extension auto-fills passwords, so logging in is actually faster
- No more "I forgot my password" resets
- No more chasing everyone down with a new shared password when someone leaves: rotate it once in the shared folder and the whole team gets it automatically
Set a deadline. "By [date], all practice accounts must be in the password manager." Make it mandatory, not optional. Offer to help anyone who needs it during the transition.
A password manager is the single highest-impact security improvement most practices can make. Stop recommending it to yourself. Implement it.