Best to use SSO for SaaS passwords. This is where your whole team has a Microsoft or Google (or other identity provider) login administered centrally by the company that is further used to authenticate to various services.
As opposed to "login with Facebook etc." logins that are individually administered by each end user for each app.
This is low fruit for many things but often companies require you to be on an expensive SaaS pricing tier to use SSO on their product.
Next problem to solve is software engineers' cloud secrets. Use key vaults in your cloud for this. Use SSO to authenticate your team to that cloud.
Enable 2FA as much as possible. TOTP not SMS.
Finally you will need people to save passwords for some stuff. LastPass or Bitwarden etc.
Avoid shared passwords. Sometimes unavoidable in which case rotate them often and when people leave too.