Often I end up doing server administration for clients as part of developing web applications, I always set up access for myself using an SSH Key pair. I usually end up choosing a random password for the root account and emailing that to my clients. The client sometimes doesn't even need to have access, I just want to make sure and not be the only one holding the keys in case I'm not available, or they switch to another developer.
For non-technical clients, what is the best way to manage, store, and communicate important passwords and credentials?
Personally, I use Lastpass, but requesting a client to signup to share one password which can't be used via the browser seems a little off.
Best Answer
If I am the sole admin in an organization and nobody else has the technical skill or inclination to manage the systems my personal preference is to demonstrate that the passwords work, then give them to the client on paper, in a break-open box (I use KeySure boxes http://www.keysure.net/keycontroller.html).
If I am hit by a bus, quit, or get let go all they need to do is break open the box and they have all the passwords I've set/changed.
If I'm still around and I notice that the key box has been broken open I know someone has the passwords who shouldn't (or someone who should have them is touching stuff without telling me) -- This offers some protection from well-meaning folks trying to "fix" a problem and destroying a stable environment.
In larger companies like the one I'm at now the back of our Site Operations book contains a page of (PGP-Encrypted) passwords for stuff that does not use key-based authentication. The passwords are accessible to the C-level officers of the company, as well as the senior admins & developers, either by cutting and pasting from a PDF of the Site Ops book or in the absolute worst case by carefully re-typing the encrypted block.