Password manager adoption at Duke University: what IAM teams missed

TL;DR: Duke University tripled enrollment after migrating to a new password manager, while security teams still found groups sharing vaults, mixing personal and work accounts, and bypassing consistent password hygiene, according to 1Password. The lesson is that password security improves only when usability and governance are aligned, not when tools exist in name only.

NHIMG editorial — based on content published by 1Password: Duke University's password manager migration and adoption story

Questions worth separating out

Q: How should organisations improve password manager adoption in large environments?

A: Focus on workflow fit, onboarding support, and platform consistency.

Q: What goes wrong when teams share a single password vault informally?

A: Informal shared vaults weaken accountability because ownership becomes unclear and access is hard to audit.

Q: Why does user experience matter in credential governance?

A: User experience matters because people work around controls that are slow or awkward.

Practitioner guidance

• Measure adoption, not just deployment Track active use, vault participation, and migration completion by team so the programme reflects real credential handling rather than licence counts.
• Eliminate informal shared-account patterns Require each team vault to have named ownership, defined membership, and a clear purpose so shared access does not blur accountability.
• Test the workflow across every endpoint class Validate the password manager experience on Mac, Windows, and Linux before scale-up so platform friction does not drive shadow workarounds.

What's in the full article

1Password's full article covers the operational detail this post intentionally leaves for the source:

• The internal migration and onboarding approach used to move staff and students onto the new password workflow
• The user experience and cross-platform implementation details that supported adoption across Mac, Windows, and Linux
• The internal training and knowledge-base practices Duke used to help groups change their day-to-day password habits
• The practitioner-facing product demonstration and implementation context described in the source article

👉 Read 1Password's case study on Duke University’s password manager migration →

Password manager adoption at Duke University: what IAM teams missed?

Explore further

View Full Forum →  |  NHI Foundation Course →