InfoSec Blog - Don't Get Password Fatigue

May 1, 2020

There are plenty of reasons to hate passwords. A recent Ponemon Institute study provides some insights into why many people have developed what has become known as password fatigue:

  • Respondents reported having to spend an average of 12.6 minutes each week or 10.9 hours per year entering and/or resetting passwords. Most respondents also reported being unable to complete personal transactions because they had forgotten their passwords.
  • About two-thirds (69 percent) admitted to sharing passwords with coworkers to access accounts, and more than half (51 percent) said they reuse an average of five passwords across work and personal accounts.
  • Most respondents do not use a password manager and rely on human memory, spreadsheets, and sticky notes to manage passwords. Fewer than half (45 percent) use multifactor (or two-step) authentication in the workplace.

It is increasingly clear that new security approaches are needed to help individuals manage and protect their passwords, and passwordless login technology could provide an option. A majority of IT security professionals and individual users believe that the use of biometrics or hardware tokens could offer better—and more user-friendly—security protections.

In the meantime, multifactor authentication and good password practices can help as we move toward a passwordless future.

Tips on protecting your digital identity:

  • Use a fingerprint or biometric requirement to sign in when available. This provides an extra layer of protection for devices and apps.
  • Whenever possible, take advantage of whatever two-factor authentication (2FA) methods are available for your service. View a list of websites that support two-factor authentication (2FA).
  • Create a unique username and password or passphrase for each website or application.
  • Use a password manager to help avoid password reuse, and protect it with a long passphrase. Some password managers are free, but you can also check with your IT department to find out which tool it recommends.
  • Update to the latest security software, web browser, and operating system. Turn on automatic updates to help protect your personal information against new threats.
  • Stay protected when connecting to any public wireless hotspot. Use a virtual private network (VPN) client, which provides secure remote access to resources.

 

Source: Educause Security Awareness