According to Beyond Identity, companies lose an average of $480 in productivity per employee per year due to the time it takes to resolve password issues.
Password fatigue is a condition that occurs when trying to create, remember and use different complex passwords for each of our online accounts. This incident puts undue stress not only on individual users, but also on organizations and security professionals trying to protect critical data and other assets. A recent report from passwordless security company Beyond Identity looked at the problems and pitfalls of using passwords.
SEE: Mobile device privacy policy (TechRepublic Premium)
As for its research, “Measuring Password Fatigue: Impact on Usability and Cybersecurity,” Beyond Identity surveyed 1,047 Americans, including more than 600 full-time employees, to determine how password fatigue is affecting their daily lives. Among the respondents, 39% said they felt a high degree of password fatigue, especially the anxiety of having to remember the passwords for all their accounts.
Password requirements, forced changes, security questions, and other actions that organizations take to secure their network accounts and data have created confusion and stress for everyone both physically and mentally. personal and professional aspects. More than three-quarters of those surveyed said password fatigue affects their productivity and mental energy.
The more accounts you have to create and organize, the greater the password fatigue. Of the respondents who reported a high level of fatigue, 56% needed to create a new account at least once a week, 31% created an account at least once a month, and only 25% said they rarely had to. new account. Reviewing activities that lead to password fatigue, password reuse for multiple accounts, and using the same password for different accounts have a high percentage of the list, while using passwords auto-generated is low.
Among the full-time business users surveyed, 34% said they create a new account with a password at least once a week. On average, they spend a little more than 12 minutes each time they have to create or recover a password for a new account. Furthermore, about 80% admit that they reuse passwords for some, many or all of their work accounts.
In addition to causing security problems, using passwords costs money. On average, organizations spent $480 per employee per year wasting time due to password problems. At organizations where employees acknowledge high levels of password fatigue, that cost has risen to $670 per employee.
When asked how they currently store their passwords, 72% of respondents said they store them online, 57% store them locally on their computer, 37% write them down, and 11% attempt to write them down. remember them. People naturally turn to different methods for storing or managing their passwords. Some use Microsoft Office or the Google Workspace suite, which means they save their passwords as clear text in a document or spreadsheet. Others rely on password managers or the browser’s autosave functionality.
Some people use multiple ways to pair their passwords. But that can lead to greater stress. The survey found that people with high password fatigue often rely on a variety of methods to store and manage their passwords, while those with low password fatigue often use several methods. minimum.
How can individuals and organizations get a better handle on not only their passwords, but their overall authentication process? Here are a few tips.
Consider single sign-on. Single sign-on allows employees to use one set of credentials to gain access to different but related accounts and applications. This technology is available to organizations to help reduce the number of passwords employees need to remember and the number of times they have to log in throughout a day.
Consider biometric solutions. Many other operating systems, websites, and applications are supporting face or fingerprint scanning to log in to a specific account. Using biometrics is easier to access on mobile devices than desktop computers because the technology is already built in. But even on a PC, you can use biometric scanning to sign in to Windows, visit supported websites, and sign in to supported apps.
Request two-factor authentication. Weak passwords can be easily compromised in a data breach, resulting in ransomware attack and take over accounts. With the right type of two-factor authentication, an attacker can’t use any of the passwords that were leaked during the breach to gain access to an account without that second form of authentication.
Switch to a password manager. Passwordless authentication methods are becoming more popular. The FIDO Alliance in conjunction with Google, Microsoft and Apple recently announced support for a new passwordless technology that will use the password stored on your smartphone to log you into nearby devices. However, for now, we are still stuck with passwords and so password manager is still the best choice for you to create, store and apply your login information among all your accounts. your account and application. Most password managers offer an enterprise version or an enterprise version that can be deployed and managed within an organization.
