It all started with a sticky note.
At a small civil society organisation (CSO) in Nairobi, the team was working late on a community advocacy project. Tired after hours of back-and-forth, one staff member scribbled their shared email password on a sticky note and left it stuck to the monitor: Password123!
The next morning, the janitor saw it while cleaning the office. Within days, the organisation’s email accounts had been hijacked, and sensitive correspondence between community leaders and activists was exposed. The CSO spent weeks trying to rebuild trust with its partners, but the damage had already been done.
That scenario is illustrative rather than a real incident, but the problem behind it is not isolated. Across Africa, many CSOs still rely on weak, shared, or easily guessable passwords. And today, passwords are no longer enough to protect organisations doing critical human rights, advocacy, and community work.
Why Passwords Are Failing Us
Passwords were once the frontline defence of digital security. But attackers have gotten smarter, faster, and better at exploiting human behaviour. Here’s why CSOs should stop depending on passwords alone:
- They’re easy to guess or crack. Attackers know that many people reuse passwords or make predictable choices like “123456” or their organisation’s name.
- They’re easily shared. In organisations where multiple people need access to the same account, passwords get passed around, written down, or stored in insecure ways.
- They’re often stolen. Data breaches worldwide mean billions of email addresses and passwords are already exposed and circulating online.
For organisations handling sensitive data, depending on passwords is like locking your office door, but leaving the keys under the welcome mat.
Stronger Authentication: A New Standard
So, what’s the alternative? Multi-Factor Authentication (MFA) and passwordless security methods.
- MFA: Requires something you know (like a password) and something you have (like a code sent to your phone or an authentication app). This means even if a password is stolen, attackers can’t get in without the second factor.
- Passwordless logins: Tools like biometrics (fingerprints, face ID, voice detection), security keys (like YubiKeys), or app-based logins remove the need for traditional passwords altogether.
For CSOs, adopting these methods can mean the difference between safeguarding your community and exposing it to risk.
How CSOs Can Start the Transition
- Turn on MFA everywhere. From emails to social media accounts, enabling MFA should be the very first step.
- Use password managers. If passwords are still needed, tools like Bitwarden, LastPass or 1Password help generate and store strong, unique passwords for each account.
- Educate your team. Staff should understand why strong authentication matters, and how to use it without feeling overwhelmed.
- Explore passwordless options. Many platforms (Google Workspace, Microsoft 365, even WhatsApp Business) now offer passwordless login or security keys.
Why This Matters for African CSOs
Civil society organisations across Africa are on the frontline of advocacy, freedom of expression, and human rights. The communities you serve often depend on your ability to keep sensitive information safe.
When a breach happens, it doesn’t just affect your organisation; it can compromise activists, victims, or entire communities. Moving beyond passwords is no longer a “nice-to-have.” It’s a matter of survival.
A Call to Action
At Resilience Technologies, we help African CSOs strengthen their digital resilience with practical tools and solutions. Don’t wait until your sticky note ends up in the wrong hands.
Check out our free resources on stronger authentication and digital safety.
Join our newsletter to stay ahead of threats and learn simple steps to protect your organisation.
Because in this digital age, passwords are dead, but your mission must stay alive.