123456: If this is your password, you could’ve password fatigue. It’s a serious problem.

123456: If this is your password, you could’ve password fatigue. It’s a serious problem.

  • Password fatigue at least moderately affected the lives of 87% of those surveyed by Beyond Identity, impacting their productivity and mental health.
  • On average, companies lose $480 worth of productivity annually per employee due to the time spent on password problems
  • Passwordless authentication is becoming an effective alternative.
IT leaders have always struggled to maintain the delicate balance between security and user experience. Of all the possible friction-points in IT, the password is possibly the biggest. A slightly old study revealed that an average employee manages almost 200 passwords – leading to worse forms of password fatigue within organisations.

Password fatigue has intensified in today’s digital workplaces where employees are forced to remember multiple complex passwords for multiple accounts. A serious consequence of this fatigue is employees resorting to easier passwords that are impossible to forget – which explains why ‘123456’ remains the most popular password.

Password fatigue is thus stressful not just for users but also for enterprise security teams, who are responsible for protecting critical data.

Passwords in today’s changing workplace

Remote work has had a profound impact on password security. In fact, passwords are often the weakest links in a cyber incident. About 83% of the organisations who have suffered a security breach believe the reason to be either a compromised password or identity compromise, according to a LastPass – IDC survey.

Passwords, thus, have been an IT team’s bugbear for the longest time. But there are more reasons to build a stronger case against passwords. On average, companies lose $480 worth of productivity annually per employee due to the time spent on password problems, according to a study conducted by Beyond Identity. With more and more aspects of life going digital, passwords aren’t evolving with technology in a way that’s making it easier to access what you need – states the survey.

From a user point of view, password fatigue at least moderately affected the lives of 87% of those surveyed, impacting their productivity and mental health. Close to 40% of users experienced very high levels of password fatigue. Password requirements, mandatory changes, security questions etc. have led to increased confusion and stress for employees.

The more, the worse

Password usage has seen a considerable increase during the pandemic as users download more apps and prefer digital services. This is clearly adding to the woes of corporate users.

The survey found that password fatigue deepens among employees who create accounts more frequently. High levels of fatigue were reported among 56% percent of users who create an account at least once in a week. It was also observed that uniqueness of passwords has direct correlation with fatigue, with more than one third of respondents with high fatigue admitting that they avoid using special characters. They are also more likely to reuse passwords across accounts.

These habits seem to be more universal in nature with business users reflecting similar trends. Four out of five such workers reuse passwords and they end up spending an average 12 minutes every time they create or recover an account.

In today’s evolving workplace, passwords have evidently become a liability – it does not seem to be protecting assets or ensuring usability. The Beyond Identity study revealed that users with high password fatigue were twice as likely to have been hacked or breached than those with low fatigue.

The case for passwordless enterprise

The tendency of reusing passwords across multiple work accounts has been established to lead to some serious issues. For example, over 75% of those surveyed reported they’d had to utilise account recovery methods to access their work accounts at least once a month – costing organisations a considerable amount of time, effort and money.

The annual average spending by employers on time wasted due to password issues, as mentioned earlier has already reached $480 per employee and for those who reported high levels of fatigue, the number went up to a whopping $670 per employee. This has led to a growing number of organisations realising the ineffectuality of password in ensuring security and how it instead impedes user experience. Increasingly, enterprises are embracing a passwordless future for better security, reduction in cost, increased usability and to evolve as truly digital entities.

Passwordless authentication is a part of every holistic security strategy today and is considered an effective alternative for more inconvenient methods like multifactor authentication (MFA). Emerging standards like Web Authentication API (WebAuthN) and Fast Identity Online (FIDO2) are disrupting this space.

Passwordless methods such as biometrics, possession factors and magic links have been growing in popularity. Passwordless MFA has seen higher adoption as a more secure option in recent times. The case against passwords has only gotten stronger.

Bengaluru, Hyderabad and Chennai hired the most number of IT digital skill experts

On the importance of eliminating bias in AI-based recruitment