Password Fatigue: What It Is and How to Beat It

According to The 2019 State of Password and Authentication Security Behaviors Report, the average person spends almost 11 hours each year entering and resetting online passwords. As we create more and more profiles and accounts and live our lives online, it’s no wonder that so many people suffer from what’s known as “password fatigue.”

Password fatigue describes the feeling of annoyance and stress people feel with having to craft, remember, and enter tens or even hundreds of passwords at work or school and in their personal lives. Mobile devices have made password fatigue even stronger, as typing on touch screens can be difficult for some users.

As a result, many users choose the simplest passwords possible and often use the same login credentials across numerous accounts. Many sites require passwords to meet criteria like length, numbers, capitals, and letters. Unfortunately, though, hackers have taken advantage of this fatigue with breaches to some of the world’s largest systems. Even worse, a study by Norton found that 40 percent of users don’t bother to create complex passwords or change their passwords regularly.

So, how can we beat password fatigue while keeping sensitive data secure?

On an individual level, commit to creating more complex passwords and changing them often. You can also use a password management software that securely stores all of your passwords in one place, accessible by entering just one master password. Remembering one password is much less tiring and stressful than keeping track of hundreds.

Identity and access management (IAM) professionals are also constantly coming up with innovative alternatives to traditional password login systems. More companies are beginning to adopt two-factor authentication, although it is still far from the norm. Some in the IAM industry believe that biometrics will replace passwords in the future. Fingerprints and face recognition would both strengthen data security and reduce password fatigue by requiring a simple touch or look.

We may even see the implementation of physical security keys to protect data. At work or school, you would receive a device to insert into your computer, which then gives you access to your documents and other information without having to enter any login credentials. When the device is removed, nothing can be accessed. While this strategy is not foolproof, in cases when the key is lost or stolen, for example, it could be the future to eliminating password fatigue completely.