No, you don't give your password to anyone, you just give users one or more bunker urls, each of those is a separate connection with a separate set of permissions.
Discussion
And nsec.app on your devices will be woken up by push API when any app wants to access the keys. If all your devices are offline then it won't respond. For business use case I'd suggest trying our hosted version - install it on your office server/umbrel etc with docker and it will be always online.
Do you have docs on the docker setup?
There's only this: https://github.com/nostrband/noauth#running-hosted-version-with-docker