What is Password Fatigue?
Everyone hates passwords, but what most users hate about them is how many they have to remember. In many organizations it has become a requirement to have different complicated passwords for different applications that store valuable and confidential data. So if you have ever just felt overloaded with tons of passwords from work, personal finance, or your Netflix account, you could be suffering from Password Fatigue.
What is Password Fatigue? Well, that's simple - Password Fatigue means that your end users are worn out from having to manage so many complicated and different passwords today. If your users experience password fatigue, your end users are getting exhausted and frustrated from passwords, and their patience is wearing thin, increasing stress levels all the time.
Imagine using three important applications in your department daily, and being an integral part of your department, your workflow affects the workflow of many others, so having to remember...
- HZh-7At2gUy
- q_9USFun&L&
- xj_3Bq=NCvb
...seems very complicated. While these passwords fulfill many password policies and are very strong passwords, they are unrealistic to remember. The longevity of any one password is diminishing at an exponential rate, and people are being forced to memorize a new password every few months, if not sooner. If you have created a great password with a strong standard complexity score that is still easy for you to remember, you won’t be able to use it forever. Eventually, you'll be forced to start the password creation process again. Also, passwords can not longer be as simple as your pet's name or favorite color. Passwords should not be recognizable at all. Because of these mistakes that end users keep following is the reason why password complexity standards are a major contributing factor of most password fatigue!
Password Complexity and Password Fatigue
Your password complexity standards are defined by various aspects of the password, such as how long the password must be, whether the characters are upper case, lower case, digits, special characters, etc. Using a password is difficult enough, but having to arrive at a password that meets a strong security pattern could possibly push some people over the edge.
Then you have to go through the same process for every website, at regular intervals - intervals that may be different for each service you need to authenticate to.
Password fatigue is maddening.
On top of all that, the same passwords that you come up with will be entered multiple times during the day for the same resource – depending on how sensitive the protected data is, which is being accessed through that particular service. Every time you want to check your balance, or perform a transaction at your favorite bank’s website, you have to provide the appropriate password. Another thing compounding this password fatigue is the possibility of having to input the password multiple times during the same login attempt. It can be an added difficulty if the password is not shown while you are typing, and you’re just not that good at typing blind.
Let’s face it; passwords today are annoying at best - it's a wonder that we didn't start complaining about password fatigue sooner!
Reducing Password Fatigue Today
Organizations today must offer their employees and customers secure, reliable, and advanced technology, but with accelerated changes presented by the novel coronavirus, many employees are working remotely and using the cloud. Now, organizations are more underprepared than before, so they have to rethink the traditional methods of passwords and learn to balance user experience with security.
The future of password fatigue looks to be deteriorating into more than just having to remember too many passwords. Users have so many passwords now - and they all have to be so complicated - that common practice has become the practice of storing passwords in a password vault which (you guessed it) is also protected by a password. That’s either very interesting or exceedingly annoying, depending on your viewpoint… passwords protected by a password.
If the first point of authentication was strong enough that it could not be compromised, and there was a mechanism in place that only allowed access to a resource if you can get into its domicile (with the first authentication) we could confidently do away with all the other passwords.
While it seems that fighting password fatigue is inevitable, with all your users having to manually log into each web application, Single Sign-on (SSO) helps to eliminate user frustration. Once a user has logged in through SSO, they are automatically granted access to other integrated web applications. However, with this in mind, eliminating barriers to access requires an SSO solution that can create both a streamlined and secure login. A good SSO solution would give users the secure access to one portal that integrated all the applications they were using, improving the user experience.
A well integrated SSO solution can be both secure and user friendly. For security purposes, an SSO solution should increase security by using any combination of transparent barriers, implementing configurable corporate password policies, and adding stronger authentication using tokenless, two-factor authentication and/or knowledge-based authentication. While security should not be overlooked when considering an SSO solution, a good SSO solution will deliver heightened security measures without issue.
On the other hand, an SSO solution should not only be secure, but also give you and your users a streamlined login experience. The SSO solution should eliminate the need to develop and maintain your own portal and manage external users' credentials. Also, it should reduce the number of password required to remember and reduce the number of Help Desk calls related to password resets and recoveries.
It goes without saying that single sign-on delivers seamless access to all applications, lowers IT costs, and increases security. However, finding the ideal SSO solution that can integrate well with your company that can do the above and much more is difficult.
The ideal solution for common login frustrations is a product that can create a single or federated authentication process to handle multiple local and cloud applications, while providing a centralized point of secure access. Implementing a SAML (Security Assertion Markup Language) SSO option with PortalGuard as the Identity Provider achieves the goal of eliminating password issues while providing more:
- Reduce the number of passwords users are required to remember and manage.
- Implement and enforce configurable password policies.
- Reduce password-related Help Desk calls related to password and access issues, and many more.
Read more about the benefits of an SAML SSO option in our eBook here.
