I'm talking about things like client FTP logins and apps / services that don't provide multiuser functionality.
We've used and/or evaluated everything from a shared KeePass db, to commercial apps like Password Manager Pro[1], Passwords Max for Groups[2], and Passpack[3] to a protected Google Docs sheet and an Excel file in Dropbox.
The KeePass solution seems to be the "best", though there are still some caveats - is there a best practice here? Do most small engineering groups roll their own?
1. http://www.manageengine.com/products/passwordmanagerpro/
2. http://www.authord.com/PP/ppgroups.htm
2. http://www.passpack.com/en/home/
Inside engineering, we have been experimenting with a shared keepass db that we move between machines directly using git.