If you’re tired of hearing about passwords, constantly complain about passwords, or just don’t get why there’s so much focus on passwords, you’re likely experiencing Password Fatigue. Yes, it is a real thing, and it’s growing into a big problem for business owners, managers, and cybersecurity professionals. But before we get into all of that, here are some things you may not realize about passwords.
- The password rules we all hate were developed in the 1980s from a discredited whitepaper
- An average person has 100 passwords across various services and websites
- About 2/3 of people reuse the same password for multiple online accounts
- A 12-character password take 62 trillion times longer to crack than a 6-character password
- 60% of people use extremely easy to guess passwords
- The average employee spends over 10 hours of their work year inputting passwords
If you stopped reading after the first couple, you, like so many others, are tired of passwords. And no one can blame you. Until just recently, password rules lacked any type of human consideration. Very few people have the ability to remember a password that is at least eight characters long with one number, one letter, a capital letter, and a symbol, which gets changed every 90 days.
And when you add a requirement that each account has a different password, it gets insane.
Yeah, people are tired of passwords, and for a good reason.
What is Password Fatigue
We all know that passwords are important, but let’s break down why they are essential. The internet introduced a great many conveniences to the world. From instantaneous written communications to instantly sharing personal experiences to on-demand entertainment or shopping options, we can do more from the couch in an hour than previous generations could do in a week.
Along with it came the introduction of secure transaction technology or, as you may know it, user names and passwords.
For all of those different things that you can do, every account requires a user name and password. Just like your house, car, and bank have a lock and key, your user name is your digital lock, and your password is the key. In the digital world, just as in the real world, there are thieves who want to find ways to pick those locks and steal what’s inside.
You don’t use a plastic toy key and lock to protect your house, so why would you use one to protect your bank account?
So we need a strong password. Got it. Except you don’t use the same lock and key for your house and car, right? No, because if one gets stolen, you don’t want the thief to also have access to the other. Yeah, that makes sense. But if the average person has 100 user accounts and passwords, and the average business employee has 191 user accounts and passwords, does that mean you need a separate password for each? Yes, it does.
Now imagine changing those passwords every 30, 90, or 120 days.
This is how we get terms like Password Fatigue.
Dealing with Password Fatigue
There is no doubt that Password Fatigue is a serious problem. It causes people to take shortcuts like reusing the same password or using passwords that are easy to remember – making them easy to guess. This significantly increases the potential of a breach in the business world, and personally, it puts you at risk for identity fraud.
That being said, there are two solutions that will greatly reduce the effects of Password Fatigue and help to avoid its negative impacts on people and organizations.
1. Use a Password Manager
Perhaps the most daunting cause of Password Fatigue is the sheer number of passwords we’re expected to remember. A password manager stores the password for you in a secure, encrypted location. Instead of struggling to remember 200 passwords, you only have to remember 1.
By far the easiest, inexpensive, and most convenient option available for both businesses and personal use, everyone should be using a Password Manager.
2. Use a Single Sign-On Service
You may have heard the phrase Zero Trust in cybersecurity news articles. It’s part of an access model to simplify and strengthen access control for all users. At a fundamental level, it’s about protecting a user’s online identity to protect their access. There is an entire industry built around identity control called Identity-as-a-Service (IDaas). These tools connect identities to web applications without propagating passwords across multiple systems.
In essence, this means that you use one password to log into multiple systems.
While this has long been an enterprise-level solution, the costs of these systems are coming down to a manageable level for small and medium businesses. Much of this can be attributed to the recent pandemic and requirements for work-from-home. If you’re interested in exploring one of these services, give us a call for more information and a free quote.
The reason Password Fatigue is so dangerous is that it discourages security and awareness. When people get tired of doing something, they typically stop. That’s human nature. The problem is that cybercriminals will never stop.
So all Password Fatigue does is make you or your business more vulnerable.
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small business, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com