# Password Manager Rollout Plan

Use this plan to roll out 1Password, LastPass, Keeper, Dashlane, Bitwarden, or another business password manager without creating chaos.

## Phase 1: Policy decisions

- Required MFA method:
- Master password standard:
- Account recovery owner:
- Shared vault/folder naming convention:
- Emergency access process:
- Offboarding checklist owner:

## Phase 2: Pilot

Choose 5-10 users across admin, finance, sales, and technical teams.

Pilot tasks:

- Import existing passwords safely.
- Create shared vaults/folders for team credentials.
- Test browser extension and mobile login.
- Test account recovery.
- Test employee offboarding.
- Confirm logs and reports are visible to admins.

## Phase 3: Company rollout

- Announce why the tool is being adopted.
- Give users a 30-minute setup window.
- Require MFA before migration is considered complete.
- Move shared credentials out of chat/docs/spreadsheets.
- Disable old shared-password locations.
- Review weak/reused passwords after two weeks.

## Phase 4: Ongoing governance

Monthly:

- Review inactive users.
- Review shared vault ownership.
- Review weak/reused/compromised passwords.
- Confirm recent leavers were removed.

Quarterly:

- Test recovery and break-glass process.
- Audit admin users.
- Review SSO/SCIM settings.
- Update onboarding documentation.