Did you know the average employee spends over 10 hours in their work year simply inputting passwords? Although 10 hours doesn’t seem like much in the grand scheme of things, these hours amount to a cost of around $5.2M annually for organizations in lost time.

In the modern era of IT, advancements into the cloud and the rise of “as-a-Service” offerings have given organizations incredible capabilities with regard to speed, work location flexibility, and collaboration, among other things. Unfortunately, friction has come alongside these enhancements as well.

Passwords, on the other hand, are more complicated. Common password requirements enforce that a password can’t match the username, must be of a certain length, and contain a variety of characters, including upper/lowercase letters, numbers, special characters, and more.

An additional security measure implemented in some organizations is password rotation, which requires employees to change their passwords at set time intervals, such as every 90 days. Security professionals also recommend against password reuse.

In reality, the struggle to keep all of these passwords straight turns into password fatigue, which ultimately leads to password simplification and reuse. It is estimated that the average business employee keeps track of 191 passwords.

The fear of forgetting a password outweighs the fear of a potential data breach. 91% of people understand the risk of reusing passwords, yet 59% admit to doing it anyway.

This is a sobering reality, especially when you consider the fact that 61% of data breaches involve credentials. In short, passwords are the gateway to confidential data, electronic financial transactions, and more, yet we don’t treat them as the most critical security risk an organization faces. Password fatigue, then, not only affects employees but organizational security as well.

The enterprise is more at risk if its employees are struggling with password fatigue.

According to a survey conducted by the Ponemon Institute, 51% of people rotate the same five passwords across their work and personal accounts.

In addition to sharing passwords among their own accounts, employees often share passwords with each other; 69% of people admit to sharing credentials for work account access. In fact, there are tools that encourage “secure” password sharing!

Another potential security risk related to password fatigue is susceptibility to phishing, since most password reset requests are delivered by email. Phishing is the most common attack vector and is present in 36% of data breaches.

Password fatigue is a serious condition in the modern workplace and more widespread than we’d like to think. To avoid the negative impacts of password fatigue in your organization, here are a few solutions to consider.

Using an SSO password manager is a great way to alleviate password fatigue. Password managers allow employees to create a repository of their various passwords and automatically present them at login windows.

Since employees no longer need to remember every single password, password managers open up a greater possibility for increased length and higher password complexity.

In the context of password fatigue, multi-factor authentication (MFA) might seem counterintuitive. Wouldn’t adding an additional step to the login process just make things worse?

Contrary to popular belief, the implementation of a second authentication factor doesn’t need to be complicated. It can be as simple as a push notification sent to the employee’s phone that asks them to ‘Accept’ or ‘Deny’ a log-in request.