Every volunteer who helps run a library should have their own sign-in - one account each, all opening the same shared library. The alternative, one account with a password everyone knows, feels simpler and works fine right up until a volunteer steps down, a loan gets recorded against the wrong person, or the note with the password on it goes missing.
The shared password fails in three predictable ways.
You can't remove one person without resetting everyone
When a volunteer moves away, falls out with the committee, or just quietly stops turning up, they still know the password. The only way to take their access back is to change it - which locks out every current volunteer at once.
Then the new password has to reach everyone. Someone misses the email, turns up for their desk shift, and can't sign in with a line of patrons waiting. So the password quietly doesn't get changed, and a growing list of past helpers keeps access to the library records indefinitely.
With individual sign-ins, none of this happens. Remove the one person who left. Everyone else carries on, unaware anything changed.
Nobody knows who did what
With one shared account, every checkout, return, and edit was made by "the library". When a book is marked returned but still out, or a loan is closed against the wrong copy, there is no way to tell who recorded it - so there is no way to work out what actually happened, and no way to spot that one volunteer keeps making the same honest mistake and could use five minutes of help.
This is not about blame. Volunteers make mistakes because nobody showed them the right way. Knowing which sign-in did what turns "someone keeps doing this wrong" into "let me show Margaret the returns screen".
The password ends up public
A password that several people need is a password that gets written down - on a sticky note under the keyboard, in a group email, in the church WhatsApp thread. It gets forwarded to each new helper, and each forward widens the circle. Within a year it is not a secret in any meaningful sense.
That matters because the account doesn't just guard the catalogue. It guards your borrowing records and whatever contact details you keep for patrons - names, phone numbers, addresses. A community library runs on trust, and "anyone who has ever helped out, plus anyone they forwarded the message to, can read every patron's details" is not what patrons signed up for.
Why libraries end up sharing one password anyway
Rarely laziness. Usually pricing. A lot of library software charges per manager, per seat, or per terminal, so a volunteer library with six rotating helpers faces a bill that grows with every extra pair of hands - and shares one account to dodge it. Per-seat pricing taxes exactly the thing a volunteer library does most: adding and losing helpers. There is a full look at that pricing shape in library software that doesn't charge per user.
The other reason is history: the library started as one person and a spreadsheet, and the single account simply never got revisited as the team grew. Running a lending library with volunteers covers that growing-up moment more broadly.
What good looks like
- Each volunteer signs in with their own account, to the one shared library - the same catalogue, the same patrons, the same loans.
- Adding a new helper takes a minute and touches nobody else's access.
- Removing a departed helper removes only them. No reset, no redistribution, no lockouts.
- Every checkout and return is recorded under the person who made it.
How Your Book Nest helps
Your Book Nest calls this the Team. Each volunteer gets their own sign-in to the shared library, added and removed freely as helpers come and go - and it costs nothing extra, because up to 20 team sign-ins are included in the flat $60 a year plan, and on the free tier (under 100 items) too, with no per-seat charge. It runs in the browser, so each helper signs in from their own phone as easily as from the desk computer - access belongs to people, not to a machine that stays logged in.
Patrons never need accounts at all - a patron is just a name until you choose to give one a read-only sign-in to browse the catalogue and see their own loans and due dates. You can try the whole thing in the demo on the home page, which is a working library with no account and no card.
The roadmap lays out what is being built next, and what is deliberately left out.
If you must share for now
A shared password is genuinely fine for a library run by one person - there is nobody to share with. And if your current software charges per seat and switching is not on the cards this year, the damage can at least be contained: change the password the same week anyone steps down, keep it out of group emails and message threads, and keep a simple desk schedule so you can roughly attribute a given day's records to a given helper. These are mitigations, not fixes - the fix is software where each volunteer is a person, not a password.
Your Book Nest



