What is password fatigue?
The ever-increasing presence of the internet in our daily lives has led to a syndrome known as ‘password fatigue’ or ‘password overload.’ Simply put, password fatigue is the result of stress and frustration due to the endless list of passwords users are required to remember to gain access to their various accounts.
The issue is further compounded by the excessive requirements of what is deemed a ‘good’ password. Users are often forced to include a certain number of characters, a capital letter, a number and a symbol. On top of that, they have to change their password every few months in order to ‘protect their account.’ So not only do they have to remember these complex and unique passwords for each of their accounts, but they have to re-learn them every time they are updated.
The inability to keep track of all these passwords and changes is when password fatigue sets in. Consumers are left feeling stressed, worn out and out of patience. Hackers know this too. They use your end users’ vulnerable state to their advantage by performing password-related attacks.
Why does password fatigue occur?
A few common reasons for password overload include:
- Users have too many passwords to remember. The constant overload of passwords makes it difficult to keep track of all their login information for various accounts. They may not even remember their username or the email address they used.
- The amount of times users have to retype their passwords. This often causes confusion during a session as users get confused or mixed up.
- Complex password requirements. Users are often mandated to include a certain number of characters, a capital letter, a number and a symbol.
- Password update requirements. Users are compelled to change their passwords often. They don’t necessarily change all their passwords at the same time making it easy to lose track of what was updated and what was not.
- Two-factor authentication adds more complexity. SMS OTPs add another layer of friction and are irrelevant if the number attached to an account is no longer relevant. In the case of knowledge-based questions, it is not uncommon for many customers to forget the answers to their own questions.
The consequences of password fatigue
According to new research by password manager NordPass, the average user has 70-80 passwords to remember. In order to cope with the excessive list of passwords and the draining side effects of password fatigue users often resort to bad password habits that include:
- Using common passwords that are easy to crack. The password “123456” is used by 23 million account holders (First Contact). Hackers also know to try common tricks, like changing “password” to “Pas$word123.”
- Reusing the same passwords for different accounts. According to Google, 65% of people reuse the same password across multiple, if not all sites. While it may be human nature to reuse a password, this is a huge security risk that hackers can use to gain access to multiple accounts of the same user.
- Writing down passwords on physical paper. If the paper or notebook is stolen, hackers have all the information they need to effortlessly take control of any accounts listed.
- Storing passwords using dedicated password manager apps or programs. While this might seem smarter and more convenient. It’s not much safer to store passwords that are protected by, you guessed it, another password.
- Sharing passwords. Users don’t seem too bothered about the consequences of sharing their passwords. Given that we know how many consumers reuse passwords once a password is shared, there’s no control over how that password is distributed or used further.
The end of the password era
Given the many problems with passwords and the frustration they cause, not only consumers but organizations, we’re left wondering, “Well, what’s the alternative?”
While the password may have ruled for 70 years, the more recent introduction of device biometrics and WebAuthn makes it easy for customers to login with a fingerprint or facial scan. It is a clear signal that the password regime is (finally) over. You could say that the long awaited cure for password fatigue has arrived!
Since the introduction of the password, everything in the industry was built around it — directories, authentication, account takeover detection, single sign on and IdP. But now, thanks to Fast ID Online (FIDO) Alliance and WebAuthn for creating usable and secure biometrics, we can usher in a new method of authentication. The end of the password era will undoubtedly remove password fatigue and ensure that the online world is a more secure and convenient place for customers across all industries.
The solution for password fatigue
One sure-fire way to get rid of passwords, their problems and ever-increasing password fatigue is to completely remove passwords from the entire identity experience. Customers should never have to remember or secure a password again.
Thanks to Transmit Security® BindIDTM, solving the password fatigue problem has never been faster or easier. BindID helps organizations rapidly implement a passwordless, customer-centric identity experience across any device, app or channel — including non-digital channels like kiosks and call centers.
Using the FIDO2 standard, BindID creates a secure environment that provides a genuine passwordless login experience for your customers. Infrequent customers no longer have to slog through tiresome reset processes, and return visitors are able to easily log in without any 2FA challenges, like SMS OTPs or KBAs. That means reduced attrition and more satisfied customers.
Passwordless logins may still be a relatively new concept in authentication, but it’s quickly emerging as the most convenient and secure solution. BindID represents a dramatic leap forward in the industry that both improves the customer experience and provides an ironclad layer of privacy and security.
BindID makes it effortless to integrate passwordless authentication, so you can relieve your customers from the burdens of passwords and password fatigue.
Want to keep reading? Learn how passwordless logins work.