[benlaud]

That is the policy for my previous company:

1. Avoid sharing password between people. For example, in using Amazon Web Service, it should use IAM and every admin login with their own account.

2. Master password (e.g the owner of AWS) and credentails should be kept in a same place. The information are encrypted by a software called KeepassX and won't share on the Internet. Ofcoz, backup is still needed.