Having to configure or change passwords on hundreds or thousand of switches can be a daunting and downright boring task. So I suggest using Radius as a much more scalable solution. This gives you a central location to manage users that are allowed to access your network gear.

There is also the added benefit of individual passwords for each user, so you can always tell who did what and when. In a nutshell it makes everyone think twice about changes as, they will be tracked back to the implementor. That means less mistakes. Not that any of us make mistakes. :)

Below is a basic configuration with redundant Radius Servers defined.  The items in red are specific to your environment

set authentication login radius enable telnet primary
set authentication login local enable telnet
set authentication enable radius enable telnet primary
set authentication enable local enable telnet
set radius server 192.168.1.10
set radius server 10.10.10.5
set radius key password