Password Fatigue: What It Is and How to Beat It

According to The 2019 State of Password and Authentication Security Behaviors Report, the average person spends almost 11 hours each year entering and resetting online passwords. As we create more and more profiles and accounts and live our lives online, it’s no wonder that so many people suffer from what’s known as “password fatigue.”

Password fatigue describes the annoyance and stress people feel at having to craft, remember, and enter tens or even hundreds of passwords at work or school and in their personal lives. Mobile devices have made password fatigue even worse, as typing on touch screens can be difficult for some users.

As a result, many users choose the simplest passwords possible and often use the same login credentials across numerous accounts, even though many sites require passwords to meet criteria covering length, numbers, capitals, and letters. Unfortunately, hackers have taken advantage of this fatigue with breaches of some of the world’s largest systems. Even worse, a study by Norton found that 40 percent of users don’t bother to create complex passwords or change their passwords regularly.

So, how can we beat password fatigue while keeping sensitive data secure?

On an individual level, commit to creating more complex passwords and changing them often. You can also use password management software that securely stores all of your passwords in one place, accessible by entering just one master password. Remembering one password is much less tiring and stressful than keeping track of hundreds.

Identity and access management (IAM) professionals are also constantly coming up with innovative alternatives to traditional password login systems. More companies are beginning to adopt two-factor authentication, although it is still far from the norm. Some in the IAM industry believe that biometrics will replace passwords in the future. Fingerprints and face recognition would both strengthen data security and reduce password fatigue by requiring a simple touch or look.

We may even see the implementation of physical security keys to protect data. At work or school, you would receive a device to insert into your computer, which then gives you access to your documents and other information without having to enter any login credentials. When the device is removed, nothing can be accessed. While this strategy is not foolproof (the key could be lost or stolen, for example), it could be the future of eliminating password fatigue completely.

Reddit Security Breach and Other Forum Digital Security Breaches

On Wednesday, August 1st, Reddit announced that it had uncovered a data breach, according to NBC News. Hackers were apparently able to access a database containing email addresses linked to user accounts, including email addresses from some current accounts as well as a 2007 database backup that included old passwords that had been “salted and hashed” (in layman’s terms, they were scrambled for digital security protection).

Hackers were also reportedly able to access email addresses and public and private messages in the old database, Mac Rumors and other outlets reported.

Reddit reportedly sent an email to all affected users, who were mainly people who joined Reddit in 2007 or before. That’s a great proactive step, and it’s certainly better for those who might have been affected by the security breach to know sooner rather than later.

But this breach is clearly very serious, especially for a site that allows users to be fairly anonymous in their correspondence if they choose to be. It is possible that a database of emails connected to Reddit usernames could make it easier to link anonymous accounts to people’s identities, NBC News pointed out.

So what should you do if you were impacted by the Reddit security breach, or if this ever happens on another online forum you’re a member of?

The truth is, you can’t just delete your Reddit account and hope for the best. The information is out there, but there are steps you can take to protect your account on the site or on any sites where this could happen (and really, it could happen anywhere).

Reddit is recommending that users who are using passwords similar to the ones they had in 2007 should change them, but it’s probably not a bad idea to change your security login info even if you know you’ve changed your password and such since then.

Reddit also recommended that users enable two-factor authentication; taking advantage of that extra security step is important whenever it’s available. Even if you weren’t specifically impacted by the Reddit breach, changing your password and setting up the authentication is a definite better-safe-than-sorry move.

Running a dark web scan to see if any of your information, like your phone number or email address, is floating around the web, and monitoring your identity online, are never bad ideas either. If you’re not sure how to do all of that, a digital security expert can help.

It’s a good idea to always be careful about what you share online, but security breaches happen. The best thing you can do after they occur is take proactive, appropriate steps to protect your information and identity, on Reddit or any other corner of the web.