Companies lose an average of $480 in productivity per employee per year because of the time spent solving password problems, Beyond Identity says.
Password fatigue is the strain that comes from creating, remembering, and using different complex passwords for each of our online accounts. It puts undue pressure not only on individual users, but also on organizations and security professionals striving to protect critical data and other assets. A recent report from passwordless security firm Beyond Identity examines the problems and pitfalls of password fatigue.
For its study, “Measuring password fatigue: implications for usability and cybersecurity,” Beyond Identity surveyed 1,047 Americans, including more than 600 full-time employees, to determine how password fatigue affects their daily lives. Of the respondents, 39% said they experience a high level of password fatigue, especially a feeling of anxiety about having to remember passwords for all their accounts.
Password requirements, mandatory changes, security questions and other actions taken by organizations to secure their network accounts and data have caused confusion and stress for people both personally and professionally. More than three quarters of those surveyed said password fatigue affects their productivity and mental energy.
The more accounts you have to create and juggle, the greater the level of password fatigue. Of respondents who reported high levels of fatigue, 56% need to create a new account at least once a week, 31% create one at least once a month and only 25% say they rarely need to create a new account. Among the activities that lead to password fatigue, reusing a password for multiple accounts and using a similar password for different accounts were high on the list, while the use of automatically generated passwords was low.
Of the full-time business users surveyed, 34% said they create new accounts with passwords at least once a week. On average, they spend just over 12 minutes each time they need to create or reset a password for a new account. Furthermore, about 80% admitted to reusing passwords for some, many, or all of their work accounts.
In addition to causing security problems, password fatigue costs money. On average, organizations spent $480 per employee every year on time wasted due to password problems. At organizations where employees reported high password fatigue, that cost rose to $670 per employee.
When asked how they currently store their passwords, 72% of respondents answered that they store them online, 57% store them locally on their computer, 37% write them down, and 11% try to remember them. People naturally use different methods to store or manage their passwords. Some use Microsoft Office or the Google Workspace suite, which means they store their passwords in plain text in a document or spreadsheet. Others rely on a password manager or a browser’s autosave feature.
Some people use multiple ways to juggle their passwords. But that can lead to more stress. The research found that individuals with high password fatigue generally rely on a variety of methods to store and manage their passwords, while those with low password fatigue typically use a minimal number of methods.
How can individuals and organizations better handle not only passwords, but also their overall authentication processes? Here are a few tips.
Look at single sign-on. Single sign-on allows employees to use a single set of credentials to access different but related applications and accounts. Organizations can use this technology to reduce the number of passwords employees have to remember and the number of times they log in each day.
Consider biometric solutions. More operating systems, websites and apps support facial or fingerprint scans to log in to a specific account. Using biometrics is more accessible on a mobile device than on a desktop because the technology is already built in. But even on a PC, you can use a biometric scan to log in to Windows, access supported websites, and log in to supported applications.
Require two-step verification. A weak password can easily be compromised in a data breach, leading to ransomware attacks and account takeovers. With the right type of two-factor authentication, a password leaked in a breach cannot be used by an attacker to access an account without that second form of authentication.
Turn to password managers. Passwordless authentication methods are becoming more and more ubiquitous. The FIDO Alliance, in partnership with Google, Microsoft and Apple, recently announced support for a new passwordless technology which would use passkeys stored on your smartphone to log in to nearby devices. For now, though, we’re still stuck with passwords, so a password manager is still the best choice for creating, storing, and applying your credentials across all your accounts and applications. Most password managers offer a business or enterprise version that can be deployed and managed within an organization.