How to Help Your Employees Overcome Password Fatigue

Research has discovered that the average user has over 100 password-protected accounts to their name, 25% more than before the pandemic began.

This can be attributed to the notable increase in home-workers.

Pre-pandemic Americans were estimated to spend 5% of their working time at home, but by spring of 2020, the figure had hit 60%. Employees were forced to take control of their employers' business security, housing precious data in their living rooms.

What exactly is password fatigue?

Everyone knows you shouldn't reuse passwords, but that battle has been waged and lost 75 passwords ago as password fatigue kicks in.

Many people reuse passwords, alter a 'base' password by one character, write passwords down on their desks, sticky notes on their monitors and share passwords. This unsafe behavior has been rationalized and trivialized to a point where employees and users fail to notice the error of their ways, putting them, their data and your business at risk.

Password fatigue is the stress caused by entering, re-entering and changing a vast number of passwords, such as the hundred the average user is anticipated to create. This is not only an employee satisfaction issue but a customer experience and business security issue.

There are many reasons for password fatigue, including:

• Too many complex and high entropy passwords to remember
• Repeated retyping of usernames and passwords to access daily systems
• Forgotten passwords
• Mistyped passwords
• Password reset incidents, leading to significant downtime and helpdesk expenses
• Passwords changing too often
• Getting locked out of an account due to mistyping or forgetting the password
• Unyielding password policy enforcement by an organization

These challenges can raise many problems, such as users habitually creating weaker passwords and demonstrating poor password habits such as those discussed above.

How can password fatigue be spotted?

Determining whether your workforce is suffering from password fatigue can be tricky. Tell-tale signs include a spike in 'forgotten password' incidents, increased password resets, sharing passwords insecurely such as via external emails, passwords being the same on all services or simply post-it notes on desks with various passwords.

There are plenty of examples of weak and common passwords out there, such as password1, 12345 or biteme. The sheer number of users who have this type of low entropy, easy to guess passwords is concerning and variations of these passwords should be avoided at all costs.

These passwords all have something in common: repetition, sequences, common phrases, and a lack of imagination. They’re the physical manifestation of password fatigue, and it's understandable.

To put it simply, everyone in a given workforce is suffering from password fatigue in one way or another. It feels impossible to avoid in today's 'lock and key' online culture, with staff members expected to memorize hundreds of high entropy, secure, unique passwords for every login.

What does a good password look like?

A strong password has a high level of entropy. Entropy is a measure of the chaos, disorder or unpredictability something contains - in simple terms, how many unknowns there are within a given phrase.

For example, 'letmein' is an extremely common password, but it's predictable, follows a structure and has no special characters or numbers, making it easy to guess. This is a perfect example of a low entropy password.

Building a high entropy password takes commitment, a commitment of time, of energy and of focus. There are plenty of strategies out there such as taking a song lyric and turning it into an acronym, or using seven random words to generate a code. But these all take immense amounts of mental energy to build and recall for the 100+ passwords that the average user has, and they still aren’t perfect.

The perfect password is one not even you know.

How can you solve it?

Solving password fatigue can feel like a losing battle for employees and employers alike, but it doesn't have to be. By utilizing tools such as password managers and Single Sign-On (SSO) solutions, you can develop a more secure online presence.

Improving user experience while streamlining business and personal security is everyone's dream, but it can be a reality with an effective password manager.

What is a password manager?

A password manager is your last password, ever.

An effective password manager solution requires you to remember just one master password. This in comparison to the over 100 that the average user is expected to memorize is a welcome relief, minimizing password fatigue and allowing users to lead a more secure digital life.

A password manager takes care of the tedious chores, creating, remembering and storing your passwords for you, allowing you to focus on what matters.

Pairing a password manager with an SSO is a foolproof approach to doubling down on security in today’s hybrid workplace.

By using an SSO, authorized users and employees can access a wide range of applications, only using one set of login credentials. These credentials will be securely generated and unique, based upon their status and clearance levels, identity and permissions.

By using these solutions in tandem, you can remove the need for memorizing long strings of gibberish passwords and free yourself from the burden of password fatigue.

Further reading:

• Password Manager: Your Employees' New Best Friend
• MFA: The Silver Bullet for Bad Password Behavior?
• Psychology of Passwords: The Online Behavior That’s Putting You at Risk