How The Associated Press protects journalists and their sources with 1Password
The Associated Press (AP) is an independent global news organization dedicated to factual reporting. Founded in 1846, AP today remains the most trusted source of fast, accurate, unbiased news in all formats and the essential provider of the technology and services vital to the news business. apnews.com
Industry
- Media
Use Cases
- Secure credential sharing
- Compliance and auditing
- Centralized credential management
Key results
Journalists and their sources are protected when crossing borders with Travel Mode.
Credentials and multi-factor authentication (MFA) codes can be shared securely.
Centralized admin controls create needed oversight and speed up onboarding.
Increased security visibility and control with the 1Password Activity Log.
Background
Few names come more readily to mind than the Associated Press (AP) when the subject of news comes up. With journalists in nearly 100 countries and all 50 US states, AP faces unique challenges when it comes to keeping their people – and their sources – safe.
For a global news organization, those risks include increased scrutiny and the risk of cyberattacks. Because of the sensitive nature of their work, AP staff are encouraged to use strong, unique passwords to secure their information.
In the beginning, there was no single password manager solution used by AP staff. Instead, several different password managers were being used across the company.
As Danielle Meah, Senior Director of Information Security at The Associated Press, explains: “There was a lack of uniformity across password management and staff were expressing a need for a better solution.”
This created a disjointed process and the AP team saw an opportunity to keep everyone secure, while creating a single location to manage private data. “There was a desire from the editorial side to have a central password manager,” Tucker Ross, Information Security Engineer at AP, says. “Something that our team could manage, control, and revoke access to.”
Privacy and security at the office or on the go
AP was looking for a password manager that could protect their staff both in their home country and when they were crossing borders while on assignment. Then they discovered Travel Mode.
“One of the most critical things that we do as InfoSec is protect our journalists and protect the sources that they have,” Meah says. “We have journalists traveling to all different parts of the world, including many high-risk countries where you don’t have an expectation of privacy.”
When a 1Password user enables Travel Mode, they can choose to temporarily remove vaults from their device. This means that if their device is confiscated or they’re asked to unlock it, only the 1Password vaults marked as safe for travel will appear, keeping all other information private and secure.
“We highlight travel mode whenever we onboard people into 1Password,” Ross says. “We tell them that they have this ability to designate passwords in the travel vault and limit the risk of something bad happening.”
Creating a central control
Using a variety of password managers at AP helped their employees use strong, unique passwords, but it didn’t give Ross and his team the ability to control access to other tools and information.
“One thing that I don’t think is really confined to just the media and journalism space is controlling privileged access,” Ross explains. “Rotating and managing privileges in Amazon Web Services (AWS) accounts, any kind of technical accounts, Secure Shell (SSH) keys, that’s something we’re actively using 1Password for.”
And the monitoring capabilities of 1Password also help AP ensure that their private data stays within the company walls. “1Password has an activity log that’s pretty granular,” Ross shares. “We can see if there’s any kind of suspicious activity, like exporting sensitive information.”
The Activity Log enables admins to monitor events that happen within the team. There are several actions the log tracks that admins can review, including creating files and vault items, changes to user access and groups, and even device authorizations. Revoking access, should someone no longer need certain information to complete their work, is simple with 1Password.
Sharing accounts with two-factor authentication
Two-factor authentication (2FA) is often seen as a security boost but can interrupt workflows if the 2FA is tied to an individual device or email account.
Ross explains how this has not only complicated the workflow at The Associated Press, but also created a security risk: “We were seeing some teams share authentication methods in ways that were not as secure as we would have liked.”
For teams that use shared social media accounts, using 1Password as an authenticator for 2FA means that codes can be shared securely between team members. “1Password has really simplified that process,” Ross says. “You can use it as an authentication app and set access control and set audit logs.”
This makes sharing accounts and information seamless between colleagues, while also improving overall security and access management.
Seamless switching, fast onboarding
Requiring an entire team that was using a variety of password managers to switch to one solution could have met with a lot of pushback, but at AP it was a smooth transition.
“People really seem to like it,” Ross says. “We had people using various other tools and the ease of switching over to 1Password was very simple. We get good feedback about the usability from multiple devices, including desktop and mobile.”
“One of the benefits of 1Password is that it’s extremely easy to use,” Meah adds. “In a less technical environment, it’s really difficult to uniformly implement any one technology,” she says. “The fact that we were able to do that with 1Password is hugely beneficial.”
Rolling out 1Password in an organization is a secure and simple process. 1Password works with businesses to develop a plan to implement 1Password and onboard every employee.
“It was a really easy process,” Ross says about setting up 1Password from the technical side. “We were assigned a deployment manager from 1Password who worked with us every step of the way and they were able to give us best practices on securing the account, scaling the account, automating deployment, automating creation, and deletion of users.”
Creating a secure password command center
With much of the staff already using various password managers, the real task for Ross and his team was determining which password manager to choose.
Ross dug deep into what features would meet AP’s needs for strong, reliable security. “I was particularly attracted to 1Password because of the security audits the company published,” Ross says. “Also, the use of a private key for decrypting individual vaults and the vault architecture, which would limit the blast ratio if they were compromised.”