Password fatigue

Password fatigue is the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine, such as to logon to a computer at work, undo a bicycle lock or conduct banking from an automated teller machine (ATM). The concept is also known as password chaos or more broadly as identity chaos.[1]

Causes

The increasing prominence of information technology and the Internet in employment, finance, recreation and other aspects of people's lives, and the ensuing introduction of secure transaction technology, has led to people accumulating a proliferation of accounts and passwords.

According to a 2002 survey of British online-security consultant NTA Monitor, the typical intensive computer user has 21 accounts that require a password.[2]

Some factors causing password fatigue are:

Related issues

Aside from contributing to stress, password fatigue may encourage people to adopt habits that reduce the security of their protected information. For example, an account holder might use the same password for several different accounts, deliberately choose easy-to-remember passwords that are too vulnerable to cracking, or rely on written records of their passwords.

Many sites, in an attempt to prevent users from choosing easy-to-guess passwords, add restrictions on password length or composition which contribute to password fatigue. In many cases, the restrictions placed on passwords actually serve to decrease the security of the account (either by preventing good passwords or by making the password so complex the user ends up storing it insecurely, such as on a post-it note). Some sites also block non-ASCII or non-alphanumeric characters.

Password fatigue will typically affect users, but can also affect technical departments who manage user accounts as they are constantly reinitializing passwords; this situation ends up lowering morale in both cases. In many cases users end up typing their passwords in cleartext in text files so as to not have to remember them, or even writing them down on post-it notes which they then stick in a desk drawer.

Solutions

Some companies are well organized in this respect and have implemented alternative authentication methods[3] or adopted technologies so that a user's credentials are entered automatically, but others may not focus on ease of use or even worsen the situation by constantly implementing new applications with their own authentication system.

See also

Notes

External links

This article is issued from Wikipedia - version of the 10/18/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.