What is password fatigue?
Password fatigue is the overwhelming feeling of stress and exhaustion resulting from the excessive number of passwords users are required to maintain for their various accounts. As the list of complex and diverse passwords increases, so does the confusion and inability to remember them.
Password fatigue, also referred to as password chaos, occurs more frequently nowadays because users are expected to maintain good password hygiene. This includes not reusing passwords across accounts and selecting complex passwords that must contain a mix of letters, numbers, symbols, and uppercase characters. On top of that, users are sometimes required to change these complex passwords at set intervals to keep their accounts secure. There is only so much stress the human brain can take, and the inability to keep track of a large number of complex passwords is what causes password burnout.
The Problem with Passwords
Ever since their introduction to computing in the 1960s, passwords have been the primary authentication method for online services. Unfortunately, with large-scale data breaches, social engineering, and the development of advanced hacking and fraud techniques, passwords are not as secure as they used to be. It does not matter whether a user keeps a strong password or a weak one; hackers have found their way around it. In addition, maintaining a string of complicated passwords and going through registration, sign-in, sign-out, and password reset create considerable friction in the user’s experience. This results in companies losing clients.
Security Risks Caused by Password Fatigue
Reports show that the average person has about 70 to 80 passwords to remember. Considering that each of these passwords is supposed to be a unique and complicated string of letters, numbers, and symbols, this password overload can leave users feeling overwhelmed. Eventually, they resort to solutions that put them at risk, such as:
- Reusing passwords across different accounts: A report by Google shows that 65% of users reuse passwords across multiple sites. Even though this makes complicated passwords easier to remember, it poses a great security risk. If a hacker is able to crack the password once, they gain instant access to multiple accounts belonging to the same user.
- Opting for easy-to-remember, common passwords: This helps users recall a password quickly. According to the latest 2022 statistics by Cybernews, the passwords “123456”, “password”, and “qwerty” all appear in the list of the top ten most common passwords. Hackers are also smart enough to try common tricks, such as interchanging letters, numbers, and special characters (turning “password” into “p@ssworD123”) or simply capitalizing a letter (“Password”).
- Storing all the passwords in one place: Since it is impossible to remember hundreds of complex passwords, many people store all their passwords in a Word document or Excel sheet. Some people also write all their passwords down on paper or in a diary. Unfortunately, these documents can be stolen or misplaced, giving hackers instant access to all of the user’s accounts at once.
- Sharing passwords: This is a common practice among friends and family members. Employees also share passwords with each other to share work duties. A survey shows that 69% of employees share credentials for access to work accounts. Once shared, there is no way to control how many times that password is used, reused, or distributed further.
- Resorting to password management programs: Even though this appears to be a smart option, it is not safe to store passwords in a program or app that is itself protected by a single password. If a hacker cracks the password that opens the app, they again gain access to the user’s passwords for every other account stored in it.
How to Overcome Password Fatigue
Eliminating passwords from the customer experience is the solution to password fatigue. It liberates users from keeping track of complex, confusing passwords. Additionally, this helps companies reduce user friction and drop-off.
Passwordless Authentication
This is a loosely defined term and can refer to any method of authentication that does not involve a password. However, passwordless does not mean frictionless. Even though a passwordless authentication strategy aims to eliminate the friction created by passwords, the degree of user-friendliness and improved security depends on the specific authentication method that replaces the password. Many options fall under passwordless authentication, including multi-factor authentication and zero-factor authentication.
Multi-Factor Authentication
Multi-Factor Authentication (MFA) requires a user to present two or more factors, or pieces of evidence, to authenticate. Additional factors such as customized personal questions, security keys, or biometrics are layered on top of the first factor to increase security. The MFA method is designed to balance user convenience with additional security.
Zero-Factor Authentication
Modern mobile devices carry sensors whose signals can be used to recognize trusted users and flag potential fraudsters. Zero-factor authentication (0FA) is a solution to password fatigue because it requires no action by the user: it works silently in the background, using sensor data as a recognition signal for risk-based authentication.
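The following is an added example, not part of the original article and not any vendor's engine, of the decision logic behind risk-based authentication as described above: each login is scored against what is known about the user, and only a poor score costs the user any action. The signals (device identifier, country, hour of day, time since the previous login), the weights, and the allow/step-up/deny thresholds are all constructed for illustration; a production engine would use far richer telemetry and tuned weights.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass
class LoginSignals:
    """Constructed signals collected silently at login time (no user action needed)."""
    user: str
    device_id: str
    country: str
    hour_utc: int
    epoch: int                    # seconds since the Unix epoch


@dataclass
class UserProfile:
    """What the service has learned about the user from earlier, successful logins."""
    known_devices: Set[str]
    usual_countries: Set[str]
    usual_hours: range            # e.g. range(6, 23) for 06:00-22:59 UTC
    last_country: str
    last_seen_epoch: int


# Illustrative weights: each fires independently and the total is compared to thresholds.
W_UNKNOWN_DEVICE = 25
W_UNUSUAL_COUNTRY = 30
W_UNUSUAL_HOUR = 10
W_IMPOSSIBLE_TRAVEL = 40
IMPOSSIBLE_TRAVEL_SECONDS = 3600  # two countries inside an hour is treated as not physically plausible


def score_login(signals: LoginSignals, profile: UserProfile) -> Tuple[int, List[str]]:
    """Return (risk score, reasons). Higher means riskier; reasons feed the audit log."""
    score, reasons = 0, []
    if signals.device_id not in profile.known_devices:
        score += W_UNKNOWN_DEVICE
        reasons.append("unknown device")
    if signals.country not in profile.usual_countries:
        score += W_UNUSUAL_COUNTRY
        reasons.append("unusual country")
    if signals.hour_utc not in profile.usual_hours:
        score += W_UNUSUAL_HOUR
        reasons.append("unusual hour")
    if (signals.country != profile.last_country
            and 0 <= signals.epoch - profile.last_seen_epoch < IMPOSSIBLE_TRAVEL_SECONDS):
        score += W_IMPOSSIBLE_TRAVEL
        reasons.append("impossible travel")
    return score, reasons


def decide(score: int) -> str:
    """Map the score to an action: recognise silently, ask for a second factor, or refuse."""
    if score < 20:
        return "allow"        # zero-factor path: the user never sees a prompt
    if score < 60:
        return "step_up"      # fall back to an explicit factor (MFA)
    return "deny"


def evaluate(signals: LoginSignals, profile: UserProfile) -> Tuple[str, int, List[str]]:
    score, reasons = score_login(signals, profile)
    return decide(score), score, reasons


if __name__ == "__main__":
    # Constructed profile and two sample logins for the same user.
    profile = UserProfile({"phone-a1"}, {"US"}, range(6, 23), "US", 1_700_000_000)
    routine = LoginSignals("alice", "phone-a1", "US", 9, 1_700_000_000 + 7200)
    suspicious = LoginSignals("alice", "laptop-zz", "BR", 3, 1_700_000_000 + 120)
    for s in (routine, suspicious):
        print(s.device_id, evaluate(s, profile))
```

Note what the scoring does on the `deny` path: the response to a bad score is never to ask for a password, but to refuse or to escalate to a factor the attacker does not hold, so the password never returns as the fallback.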