
GATEKEEPER BLOG


Preventing Password Fatigue & Stress

Stress alert! The biggest password problem might be fatigue and stress. Password stress happens when users must memorize and type a large number of passwords on a consistent basis. Nobody wants to remember and type a long and complex password, but neither do they want to find out that their passwords have been stolen. Good security means unique usernames and passwords that are both long and complex (high entropy), yet the stress of memorizing and typing these long passwords takes a heavy toll on users.

What causes password stress?

Compliance mandates and security protocols increasingly demand more rigorous (and laborious) means of protecting passwords and the data they give access to. Trying to comply with password policies is the actual cause of much of the password-related fatigue among users, which leads to less happy and less productive employees.

  • Having to retype username and password repeatedly

  • Forgetting passwords constantly (especially ones that are not used often)

  • Mistyping passwords (wastes time)

  • Mixing up username and password combinations

  • Having to retype passwords repeatedly

  • Having to reset passwords and memorize new ones

  • Continuously changing passwords due to compliance

  • Having too many passwords to remember (impossible task for most of us)

  • Being forced to create, remember, and type complex passwords for each account

  • Being responsible for password security by policy

  • Getting locked out of a website or computer

  • Downtime waiting for helpdesk to recover access

  • Forgetting to lock computer/log out of a website

  • News of other data breaches

Without the proper tools, users are constantly forced to choose between high stress with high security or low stress with low security (not a good tradeoff).

What happens when people get stressed out over passwords

Every new website means a new and unique username and password (and OTP for 2FA) combination to memorize. Users can’t be expected to keep adding new credentials to manage without getting stressed. The problem is that users resort to poor password hygiene to avoid all the password-related stress:

  • Writing passwords on paper, Post-Its, or spreadsheets

  • Creating weak passwords that are susceptible to brute-force attacks

  • Creating low-entropy passwords (easily guessed)

  • Reusing the same password for multiple accounts (high risk)

  • Sharing passwords with others via insecure methods (e.g. SMS text, email, messenger, paper)

  • Huge increase in cybersecurity incident probability from overall poor security habits

People used to hide their car keys in their cars and now more people are hiding passwords written on paper under workstations. Some employees even report writing the codes to doors on paper and taping them onto the door.

Risks of weak passwords

The effects of password stress on users reach all the way to the C-suite: a single exposed credential can potentially cause millions of dollars' worth of damage through theft and lost reputation. A department can invest a great deal in tools, training, and awareness, but if a single user is breached, that investment could have been for naught.

Cybercriminals have robots that are designed and dedicated to hacking accounts – most criminals don’t have robots at work for them. The fact that cybercriminals employ bots should be a glaring indicator of the scale of the attacks happening unnoticed every moment. Users who reuse the same password for different accounts are left extremely vulnerable to cracking, since one compromised credential means other accounts are also compromised (eggs in one basket).

The more that vital services go digital (banking, records, healthcare, etc.), the more important our passwords and usernames become, and criminals are following the trend. We have fewer keys, but now, too many passwords to manage and too many thieves to ward off at the same time. Criminal activity online is sky-rocketing at an unprecedented pace.

Tips on avoiding password stress (while being secure)

Stress from passwords is best avoided through automation and initiative. Use tools to help manage the memorization and typing of passwords. Admins will also have to take a proactive approach to getting users compliant; keeping them compliant afterwards should be easier.

Make sure to map out where time is being wasted and could be saved. One example is focusing on reducing password resets. Besides the labor of changing a password, the ancillary costs of securely communicating the new passwords to users can be immense, especially at larger organizations where several people are dedicated to password management alone. Consider using a tool that allows for faster and more automated password changing and sharing.

  • Use passphrases rather than passwords (longer and more easily memorized)

  • Use a password manager to avoid having to memorize and type so many credentials

  • Portability: Consider using a passwordless authenticator, such as a token or a fingerprint, rather than a master password

  • Deploy a password solution that best fits your users’ needs based on their workflows
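
The reuse and length problems described above can be checked against a password manager export. The following Python is an added example, not GateKeeper code; the export layout, the sample rows and the 14-character threshold are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample export (assumption): (account, username, password) rows,
# in the shape a password manager export might provide. Not real credentials.
SAMPLE_EXPORT = [
    ("mail.example", "jdoe", "Summer2020!"),
    ("bank.example", "jdoe", "correct horse battery staple"),
    ("hr.example", "jdoe", "Summer2020!"),
    ("vpn.example", "j.doe", "summer2020!"),
    ("wiki.example", "jdoe", "Tr0ub4dor&3"),
]

MIN_LENGTH = 14  # assumed policy threshold for this example


def audit(rows, min_length=MIN_LENGTH):
    """Return (reuse_groups, short_accounts) for a credential export.

    Passwords are grouped by HMAC-SHA256 under a random per-run key, so the
    grouping table never holds plaintext or a digest that is useful outside
    this run if it ends up in a log or crash dump.
    """
    key = secrets.token_bytes(32)
    by_digest = defaultdict(list)
    short = []
    for account, _user, password in rows:
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        by_digest[digest].append(account)
        if len(password) < min_length:
            short.append(account)
    # Only groups with more than one account represent reuse.
    reuse = sorted(sorted(group) for group in by_digest.values() if len(group) > 1)
    return reuse, sorted(short)


if __name__ == "__main__":
    reuse_groups, short_accounts = audit(SAMPLE_EXPORT)
    for group in reuse_groups:
        print("same password on:", ", ".join(group))
    for account in short_accounts:
        print("below length policy:", account)
```

The report names accounts only, never the passwords themselves, so it can be handed to the helpdesk to prioritize resets.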
