Password Fatigue

Password fatigue is the technical term for forgetting your password or getting confused because of the many passwords you use. [1] An average user can easily have 20-30 online accounts, each requiring a username-password combination, not to mention further PIN codes, alarm codes and lock combinations. A 2007 study of Web users by Microsoft Research found that the average user has about 25 accounts that need passwords, and types an average of 8 passwords per day. [2] It is simply too much information to remember for daily usage. Forgetting a password is not just very inconvenient and even embarrassing; there are also security exposures related to the phenomenon of password fatigue. Many users try to mitigate the problem by using the same password for several different services, sometimes going as far as using the same password everywhere. According to surveys, the percentage of such users ranges from 33% to 77%, the real value probably being closer to the upper end. [3][4][5][6][7] In this way, if the password gets compromised through a low-security website, the attackers also gain access to the real thing: PayPal, eBay and corporate accounts. Additionally, users tend to choose weak passwords; analysis of large password dumps showed that if password length and complexity requirements are not enforced, the most popular password will be 12345 or something similar.

“1-2-3-4-5? That’s the stupidest combination I’ve ever heard of in my life! That’s the kinda thing an idiot would have on his luggage!” – Spaceballs

It is probably because people view password choice as a chore; forcing them to come up with password ideas at unexpected times, when they are already pressed for time, can be very annoying. For security reasons, passwords should be reasonably long and complex, making them even less likely to be remembered by their owners. Some experts recommend restricting maximum password length as a way to reduce costs associated with password fatigue, because the average cost of resetting a forgotten password could be as high as $70 [8] or even $95 [9]. However, these expenses can be sharply reduced by implementing automated password-reset tools. By following appropriate guidelines it is possible to create strong AND easy-to-remember passwords, while it is still necessary to use unique login information for each account. Single sign-on configurations have proved useful in reducing password fatigue, but like every other technology they also have certain drawbacks. Offline password managers seem reasonably secure, and they offer a great alternative to the foul practice of writing down our passwords on a piece of paper that is easily accessible to almost anyone. Whatever solution you choose, always make sure that you use strong encryption and a proper master password.
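As an added example that is not part of the original article, the following Python puts numbers on the "strong AND easy to remember" claim: it compares the entropy of a short random character password with that of a word-based passphrase, and flags the sequential-digit choices such as 12345 mentioned above. The word list is constructed for the demo; the 7776-word figure assumes a diceware-style list.

```python
import math
import secrets

# Bits of entropy in a secret drawn uniformly at random from `alphabet_size`
# symbols, `length` symbols long: log2(alphabet_size ** length).
def entropy_bits(alphabet_size: int, length: int) -> float:
    if alphabet_size < 2 or length < 1:
        return 0.0
    return length * math.log2(alphabet_size)

# Smallest length that reaches `target_bits` for a given alphabet.
def length_for_bits(alphabet_size: int, target_bits: float) -> int:
    return math.ceil(target_bits / math.log2(alphabet_size))

# Flags the "12345"-style choices the article mentions: all digits, every step
# +1 (or every step -1, so that "54321" is caught as well).
def is_digit_sequence(password: str) -> bool:
    if len(password) < 2 or not password.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(password, password[1:])}
    return steps == {1} or steps == {-1}

# Passphrase built from words chosen with the CSPRNG in `secrets`; its strength
# comes from the list size and word count, not from the words looking random.
def generate_passphrase(wordlist, words: int = 5, sep: str = "-") -> str:
    return sep.join(secrets.choice(wordlist) for _ in range(words))

# Constructed demo word list; a real diceware-style list has 7776 entries.
DEMO_WORDS = ["anchor", "basil", "copper", "dune", "ember", "fjord", "gravel",
              "harbor", "iris", "juniper", "kelp", "lantern", "marble", "nectar",
              "orbit", "pebble"]

def compare() -> dict:
    return {
        # 8 printable-ASCII characters (94 symbols): hard to remember, ~52 bits
        "8_random_chars": entropy_bits(94, 8),
        # 5 words from a 7776-word list: easy to remember, ~65 bits
        "5_word_passphrase": entropy_bits(7776, 5),
        "chars_needed_for_64_bits": length_for_bits(94, 64),
        "words_needed_for_64_bits": length_for_bits(7776, 64),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.1f}" if isinstance(value, float) else f"{name}: {value}")
    print("12345 is a sequence:", is_digit_sequence("12345"))
    print("sample passphrase:", generate_passphrase(DEMO_WORDS))
```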

