We have A LOT of passwords. Clients trust us with their credentials for domains, servers, sites, and external tools like email marketing and CRMs. It's important that we guard this information.
1Password
No, not using the same password on every site. That's crazy. We use the 1Password application and services.
High-level use of 1Password
Every employee has their own account. Full stop. There is no need to share 1Password accounts. In fact, never do that.
Your 1Password account has two parts: an employee vault and the shared team vault. The employee vault is yours and yours alone; no one else can access anything you add here. Use it to store your personal work usernames and passwords, such as access to your Factor1 Google account, Slack, etc.
We have a shared “vault” that allows the team to add, edit and access the passwords. Any time we need to add a client site user/pass, be sure to add it to the team vault.
Best Practices
- Always include the client’s name in the title. Don’t use initials. This helps us search for their accounts.
- Always use the service name in the title. e.g. MailChimp – Factor1
- Always include the login URL
- Add notes. These can help future us know, for example, that the account has 2-factor authentication that goes to the client, so we can coordinate that.
- Never store client access items in your personal vault, because no one else can access them there. Move them to the team vault.
- When making a new user/pass, always generate a secure password, either on the service site (e.g. WP user creation) or via 1Password.