| How do I manage passwords properly for my nonprofit organization? | Stop trying to remember your passwords, and be ready to share or change them easily. Use a password manager to make it painless. |
Passwords are not interesting.
When you’re a harried nonprofit manager or admin person with pressing, world-changing priorities, we can’t blame you for ignoring passwords. Every other item on your To Do list is probably more interesting and more important than this one.
But a day will come when you realize this topic — however boring — deserves ten minutes of your time. A few minutes today is much less painful than the alternative.
You use passwords dozens of times a day, almost entirely when interacting with computers. A password tells a computer that you are you. It gets you access to the hidden treasures of your computer, other people’s computers, and the world wide web.
Sometimes you know when you are using a password. A box pops up and prompts you to type or speak the secret word. You might pause for a second trying to remember it, maybe even get it wrong on the first try or two. When you get it right, the prompt disappears and a portal to another world opens up. Or money appears in your bank account. Or packages arrive on your doorstep. Magic.
Other times, you don’t know you’re using a password. Your computer connects to your home WiFi network because it remembers the one you entered back in 2016. Facebook loads because you’ve been logged in forever. Passwords are there, quietly opening doors ahead of you.
At work, especially at nonprofits, you’re swimming in passwords. They get you into your computer, your email, your word processor, your financial records, your donor lists, your social media accounts, your constituents, your government files …
The difference between work and home is that work passwords don’t let you access your data. They let you access other people’s data.
This is why you need to think about passwords differently when you are at work.
The data you access at work is not yours. It’s not yours to share, yours to lose, yours to compromise, yours to sell, or yours to hoard.
Entering a password at work feels like the exact same act as entering a password at home, but it’s not. At work, your responsibilities are different.
First, stop trying to remember your passwords. Being able to remember your passwords is a weakness, not a strength. If you can remember all of them, it means they aren’t secure. Secure passwords are long strings of characters that mean nothing, and they are never re-used from one account to the next.
Be prepared to share. Your passwords are not yours. There will come a time when someone else needs access to them. Plan for this in advance.
Be prepared to change your passwords — all of them — all at once. There will come a time when you need to do this. Again, plan for it in advance.
If you can’t share or change passwords painlessly (let’s say in less than one hour), then you are going to have a bad day. We can’t say when it will happen or why, but it’s coming. You will be frustrated, and annoyed. You will hate passwords with a passion that eclipses a thousand suns. You will wish you’d read this article.
Passwords are boring, but the data behind them is not. Your client lists, your donor information, your campaign strategies, and your bank accounts are precious. They are the foundation upon which you build your programs and create change in this world.
Every organization needs to provide its team with secure access to data and resources. They need a system that is secure (which means no sticky notes or shared Word documents with sensitive login information). They need to strong use passwords (which means not using real words or reusing the same ones). They need to ensure the entire team is keeping organizational data safe. And they need to do it in a way that doesn’t consume too much of valuable time and mental energy.
Because honestly, you have more important things to think about.
If you aren’t already using a password manager, get one. Do it this week. It is the easiest way to prevent headaches in the future, plus they make your daily life easier.
The best part about these tools is that you’ll only ever need to remember one password ever again … which frees up space in your brain for the stuff that really matters.
If you are worried about data security, you’re wise. LastPass used to be one of the leading services, but their track record isn’t great. It is possible that the service you choose will make a mistake and you’ll need to change everything to re-secure your data.
That said, you will definitely have a password problem if you stick with normal habits like using passwords that are easy to guess, re-used often, written down in unsecured locations, managed by individual employees and volunteers, and not backed up. The first time an employee leaves or gets sick, you’ll realize you can’t access crucial information anymore or the handover process will take days. A password manager solves more problems than it creates.
The Organizer is a newsletter for people working to create equitable and sustainable communities. Whether you are part of a nonprofit, a charity, or a social enterprise, this newsletter is for you.
Each edition, we explore one aspect of social impact work. We answer a common “How do I …?” question, and we tell you about a tool that will help make your work a little easier. Subscribe for free at Entremission.com.