TL;DR: Secure password managers centralize credentials, limit sharing, and add controls such as collections, access restrictions, secure links, and two-factor authentication, according to Bitwarden. The underlying governance problem remains unchanged: shared credentials still create review, offboarding, and accountability gaps that IAM teams must close.
NHIMG editorial — based on content published by Bitwarden: Secure password sharing for teams
Questions worth separating out
Q: How should security teams govern shared passwords in a business vault?
A: Security teams should govern shared passwords like any other privileged identity path.
Q: Why do shared passwords create governance risk even when stored in a secure manager?
A: Shared passwords create risk because the control problem is not storage alone.
Q: What do organisations get wrong about external password sharing?
A: Organisations often treat external sharing links as a convenience feature instead of a temporary entitlement.
Practitioner guidance
- Inventory every shared credential path Identify where passwords are shared through vault collections, external links, email, chat, and spreadsheets.
- Bind shared credentials to lifecycle events Require rotation and access review when people change roles, leave a team, or exit a vendor relationship.
- Separate operational use from management access Keep day-to-day users from inheriting administrative visibility over the same credential sets.
What's in the full article
Bitwarden's full blog post covers the operational detail this post intentionally leaves for the source:
- Step-by-step guidance on setting up shared collections and granular permissions for teams.
- Specific examples of using secure sharing links for external contractors and partners.
- Implementation details for two-factor authentication on enterprise vault logins.
- Practical password generation and master-password guidance for day-to-day team use.
👉 Read Bitwarden's guide to secure password sharing for teams →
Secure password sharing in teams: where does governance still fail?
Explore further
Shared password programmes fail when they are treated as convenience controls rather than lifecycle controls. Centralised vaults reduce chaos, but they do not by themselves answer who owns a credential, when it should be reissued, or how access is removed after a role change. The practical conclusion is that credential sharing must sit inside lifecycle governance, not outside it.
A few things that frame the scale:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, which shows how weak lifecycle control remains across identity programmes.
A question worth separating out:
Q: Who should be accountable for rotating shared credentials after a team change?
A: Accountability should sit with the business owner of the credential and the IAM or security function that enforces the process. If role changes or leavers do not trigger rotation, the organisation is relying on memory instead of control. The right model is automated workflow backed by named ownership.
👉 Read our full editorial: Secure password sharing still needs governance, not just a vault