Password fatigue is the term given to the feeling of exhaustion or resistance to creating and using complex passwords. This behavior often results in technology users opting to reduce the complexity in the passwords they set. This feeling is said to arise as a result of needing to remember an excessive number of passwords.
An average adult may own up to 90 different online accounts, according to a 2015 survey by Dashlane of 20,000 users. It can be a challenge to set and remember different passwords for every account. To make matters more difficult, there can be specific complexity requirements for passwords: a certain number of characters, lowercase/uppercase or special characters, and other requirements. Furthermore, the widespread adoption of SaaS has increased the number of accounts an average user has to sign in to.
In another survey, LastPass reported that the average employee has to keep track of 191 passwords. The struggle to manage all these passwords is substantial. When a user suffers from password fatigue, it can lead to a password’s over-simplification or reuse. Fear of forgetting these passphrases can also contribute to password fatigue. However, most users underestimate the likelihood of data breaches due to insecure credentials.
Password fatigue is a serious security risk that can lead to personal or workspace data breaches, or other types of intrusion. Users experiencing password fatigue are also susceptible to phishing, in which a victim (the user) is contacted by an intruder through a fake identity. From a business or employer point of view, authentication is vital for the security of their system, so some type of login credential remains necessary.
A business can minimize password fatigue for its employees by adopting a password manager or single sign-on solution.
A password manager stores the user's credentials so they don't have to remember them. The password manager is accessed through one master password, which then gives the user access to all the credentials saved in it.
In a single sign-on solution, a user can use the same credentials to log into several related or independent applications. Single sign-on users are relieved of the need to remember dozens of passwords, and the business benefits from a reduced likelihood of password fatigue in its organization. Single sign-on solutions can also boost employee productivity by minimizing the time spent entering and resetting passwords.
Regardless of the method or solution used to create and store security credentials, businesses should also educate their employees on the best practices for strong passwords.
While browsers and operating systems offer built-in secure storage for log-ins, businesses often opt for application or cloud-based managers or single sign-on solutions to help mitigate the risk of password fatigue within their organization. Some of the top-rated password managers include LastPass, Dashlane, and Keeper. For single sign-on, top-rated solutions include Duo Single Sign-On, Ping Identity, and Microsoft Azure Active Directory.
Businesses use password managers to store strong passwords so that employees don’t have to memorize them or write them down in places where they could be stolen. Password management software also eliminates the need to share plaintext passwords with coworkers by leaving a note on their desks or sending them an email with the password.
Password managers also largely eliminate the need to share login credentials for business platforms and enterprise applications across internal communications channels.
With companies relying on cloud-based platforms for business-critical systems like customer relationship management, enterprise resource planning, finance, logistics, product lifecycle management, shared cloud storage, wireless networks, VPNs, productivity suites, and many more, an enterprise-wide password management system reduces the password fatigue that arises from needing to remember multiple passwords.
For example, if several employees are responsible for updating their company’s social media presence, IT may make the decision to issue a single set of credentials for the employees to share. In a situation like this, those employees might need to send the shared username and password through email, over chat channels, or even pass a sticky note from cube to cube.
Password managers not only collect these credentials in a secure environment, but also allow InfoSec teams to easily control access for new employees, revoke access for employees who have left, and even enforce password complexity and aging standards.
The stakes for keeping passwords safe across the enterprise as part of a comprehensive data security strategy have never been higher. In a 2021 study by Infosys, researchers estimated that the world's top 100 most valuable brands stood to lose value totalling between US$93 billion and US$223 billion were a breach to compromise their mission-critical systems.