9 steps to a successful top-down approach with your password manager

When implementing a password manager, some companies choose to make using the new tool optional rather than compulsory for employees. Companies that take this route often face hurdles around adoption of their password manager, and they see fewer employees develop the habit of using a password manager to secure all their sensitive information.

Meanwhile, other companies choose to require the password manager across the company, approaching the roll-out as a top-down initiative with a C-suite-level mandate. This requires thoughtful change management and, when successful, the key goal of improved cyber security is met through the global implementation of a company-wide password manager. "Change management" means managing the change — this is something that happens when new policies or processes are mandated across a workforce.

Bitwarden data and customer surveys have shown that companies that take this approach have higher adoption rates for their password manager — and are therefore more secure. They are able to ease the burden of employee provisioning and deprovisioning, create and enforce company-wide credential policies, and reduce risk through the use of shared credentials — to name just a few of the benefits of requiring adoption of a password manager across the company.

Here are seven proven principles to follow when implementing a password manager across the entire organisation:

Take advantage of these pre-written email templates that will help you announce the roll-out of Bitwarden Password Manager to your end users and IT team. It’s also important for employees to see senior executives talk about security on all-hands or town hall calls and in presentations to help kick-start buy-in.

Implementing any requirements across an organisation requires flexibility, clear communication, and consistency. Introducing password management is a common path for enterprises that take security seriously. Those setting the requirements need to clearly document and communicate these policies; employees need a way to understand and acknowledge what’s expected of them. Consider Why bring Bitwarden to your entire business – it might convince you to do so. 

Use our detailed roll-out guides to help make Bitwarden a success at your organisation. Read through Rolling out the Bitwarden Password Manager to your Organisation and use the Bitwarden Enterprise Password Manager Implementation Guide to help you structure and schedule the key phases of your roll-out.

Have your IT department set up training sessions across the company to support all employees in learning how to use the new password manager. These can be organised by department or team, and can be virtual training sessions available to everyone.

Companies can add an element of hands-on learning by storing passwords that employees need for their daily work in the new password manager and asking them to access the password manager to get the login credentials. This ensures that they follow through on logging into Bitwarden and is a fun way to help employees learn how to use their new password manager.

There are many reasons to discourage, or even prohibit, employees from using browser-based password managers: lack of cross-browser support, limited device compatibility and secure sharing. Probably the most important issue is security. Browser-based password managers simply lack critical security features such as advanced multi-factor encryption and authentication to protect your credentials. Also, keep in mind that browsers are built to give you access to websites, not to protect your credentials with end-to-end encryption. Learn more about why companies are looking beyond browser-based password managers here. 

Additional resources

Instructions on how to deactivate browser password managers using device management

Instructions on how to automate deployment of Bitwarden browser extensions to users with an endpoint management platform or group policy

Make your password manager part of the default software suite given to all employees on their work computers. This reduces the friction of users needing to install the software themselves and sends the message that cyber security is a core priority at your company. Here’s a useful guide on how to deploy the Bitwarden browser extension company-wide.

Prioritise building a cyber security culture in the workplace by implementing key strategies, such as ensuring credential security best practice and regular cyber awareness training. Cyber security and strong password management practices are not a set-and-forget matter — they require regular training, reminders, check-ins and educational opportunities.

Organisations that want to promote a robust, top-down cyber security culture should ensure that C-suite executives understand the reasoning behind the need for a password manager, and that VPs, directors and other people leaders share this information with their own reports and encourage them to use Bitwarden. Provide them with special Bitwarden training geared towards leaders, such as how to manage a team collection, and use this as an opportunity to practise change management skills.

Some organisations may worry about the cost of implementing a password manager company-wide, but history shows that data breaches are far more expensive. According to IBM’s Cost of a Data Breach Report 2024, the average cost of a breach in 2024 is $4.88m USD — a 10% increase on last year and the highest total ever.

What’s more, a relaxed, inconsistent approach to cyber security on the part of an organisation can lead to the exposure of highly sensitive information — nearly 10 billion passwords were publicly uploaded and exposed in the rockyou2024.txt file. Organisations that make their password manager rollout a top-down initiative with a C-suite-level mandate are poised to potentially save millions, while protecting their company’s most sensitive information and optimising their employees’ time.