The one security practice that would prevent 80% of nonprofit breaches
If you're still writing passwords on Post-its, read this.

The list of most commonly used passwords is bananas:
123456
admin
password
I wouldn’t be surprised if anyone reading this is guilty of using one of these, just because they were fed up with trying to figure out a new password!
And how many of us are using something like Summer2019! as the password to a shared account for our team?
I know passwords, and 2-factor authentication, can be frustrating. I work with enough nonprofit teams to know that the folks who don’t have a solution for figuring out new passwords, and managing them, are overwhelmed.
But there are two secrets to digital security I need everyone to understand:
You can solve 80% of your digital security woes by “figuring out” how to solve passwords forever, and
It’s actually really easy to do this with a real password management tool like 1Password.
Why password managers change everything
A password manager does the hard part for you: creating new passwords that meet these criteria:
Random
Unique
Long (19 characters or more!)
Complex
Every password you use should match these requirements to ensure the best safety possible. A good password looks like this: JWP0rez8hxv_ckm@ymh
And once you have a new password for an account you’re creating, a password manager will store it with your other login information and then, most importantly, retrieve it and help you log in automatically when you access the site.
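An added example, not from the original post or from 1Password: a Python sketch that generates a password meeting the length and complexity criteria above from the operating system's CSPRNG, and audits a constructed set of logins for the problems this post names (common, short, not complex, reused). The symbol set, account names and function names are assumptions; an audit cannot prove a password was randomly generated, so that criterion is covered by the generator only.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 19                            # the post's "Long" threshold
COMMON = {"123456", "admin", "password"}   # the three examples the post lists
SYMBOLS = "!@#$%^&*_-+="                   # assumed set; sites differ in what they accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def is_complex(pw):
    """True when lower, upper, digit and non-alphanumeric characters all appear."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw))


def generate(length=MIN_LENGTH):
    """Draw from the OS CSPRNG, retrying until every character class is present."""
    if length < 4:
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if is_complex(candidate):
            return candidate


def audit(vault):
    """Return {account: [problems]} for a {account: password} mapping."""
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)
    findings = {}
    for account, password in vault.items():
        problems = []
        if password.lower() in COMMON:
            problems.append("common")
        if len(password) < MIN_LENGTH:
            problems.append("short")
        if not is_complex(password):
            problems.append("not complex")
        if len(accounts_by_password[password]) > 1:
            problems.append("reused")       # same secret on more than one account
        if problems:
            findings[account] = problems
    return findings


# Constructed sample logins; the account names are made up for illustration.
SAMPLE = {"donor-crm": "Summer2019!", "newsletter": "Summer2019!",
          "bank": "password", "payroll": generate()}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(f"{account}: {', '.join(problems)}")
```

A shared seasonal password passes the complexity check yet still fails on length and reuse, which is why the criteria only work together.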
What this actually prevents
With a password manager properly implemented, you eliminate:
Password reuse across platforms, which makes it easier for hacked password lists to reveal your login and password on other sites
Shared passwords via insecure channels
Post-employment access problems
Phishing attacks (because the password manager won't autofill on fake sites)
That one person who knows everyone's passwords
This isn't everything you need for security, but it's the foundation and can get you about 80% of the way to “a good security infrastructure.” And without it, nothing else matters.
It’s a lot easier than you think
Implementing a password manager personally, and with your team, is a lot easier than you think. I use 1Password with all my clients, and one onboarding session is usually all it takes to get people started, with a follow-up to clean up any open issues.
Let’s get started!
If you’re an individual and just want help getting set up on 1Password, check out my simple sign-up process for a 1-hour session where we’ll get everything done.
If you’re a team lead and want to get your whole org on 1Password, check out this CampaignHelp project that explains pricing and more.