Sunday 24 July 2022

Password fatigue

Life was so much easier when the only password you needed to remember was 123456, or 123456789, or qwerty, or password, or 111111, or any other very simple to remember and easy to hack password. In fact, in those days, there were fewer websites that you needed to login to. But now, we need to remember more complex passwords, and, hopefully, more of them. And people are getting password fatigue. In fact, according to LogMein, the average business user keeps track of a whopping 191 passwords.

According to Wikipedia, “Password fatigue is the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine, such as to login to a computer at work, undo a bicycle lock, or conduct banking from an automated teller machine (ATM)”.

According to an Infographic from Yubico produced in 2019, on average, people spend 10.9 hours per year entering and/or resetting passwords. This, they estimate, costs organizations $5.2m per year.

The trouble with passwords is that unless they are secure, there is really no point in having them. So, most places that you need to log in to enforce strict password rules. For example, your password can't match your username, it must be a certain length (which seems to be increasing all the time), and it has to contain a variety of characters (upper/lowercase letters, numbers, special characters). And just when you think you've memorized the password, you find you need to change it every 60 days (or some other number). And you probably can't re-use an old favourite password until a very long period of time has passed, or enough other passwords have been used. It is worth knowing that current guidance (NIST SP 800-63B) actually recommends dropping forced periodic rotation and composition rules in favour of length, screening new passwords against lists of known-breached passwords, and changing a password only when there is evidence it has been compromised; rotation on a timer mostly produces predictable variants of the old password.

For businesses, the need for passwords to be secure is critically important. They can't have passwords stuck on the side of a computer. They can't tolerate people sharing passwords. The big issue for businesses is hackers and ransomware. Too often, attackers find that the password someone used on a minor website is also the password they use for a more important account, such as their bank or their work e-mail. Replaying a known e-mail and password combination against other sites (credential stuffing) is cheap, automated, and needs no password cracking at all.

In addition, the dark web is full of stolen user IDs and passwords that hackers trade. Unless a password is changed after it has leaked, an old list of passwords can be as effective for hacking purposes as a more recent one, which is why the practical defence is to screen passwords against those lists rather than to force everyone to rotate on a timer. Once hackers gain access to your network, they can corrupt backups, encrypt databases, and demand payment in bitcoin to make those corporate files available again. And all because the organization wasn't stricter with its password policy.
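The screening just described can be done without ever sending the password, or even its full hash, to the service that holds the breach list: the client sends only the first five hex characters of the SHA-1 and matches the rest locally (the k-anonymity scheme used by the Pwned Passwords range API). The following is an added example, not code from the original post; it simulates both sides with a constructed five-entry corpus (the weak passwords named at the top of this post, with made-up counts), and the function names are the example's own.

```python
import hashlib

# Constructed "breach corpus" for the example: the weak passwords named in the
# post, with made-up occurrence counts. A real service holds hundreds of
# millions of entries; the lookup protocol below is the same, only the data
# source differs.
BREACHED = {"123456": 37_000_000, "123456789": 7_800_000, "qwerty": 4_000_000,
            "password": 9_000_000, "111111": 3_000_000}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# --- server side: index the corpus by 5-hex-char prefix, as the range API does
def build_range_index(corpus):
    index = {}
    for pw, count in corpus.items():
        h = sha1_hex(pw)
        index.setdefault(h[:5], []).append(f"{h[5:]}:{count}")
    return index


def range_lookup(index, prefix):
    """Simulated /range/{prefix} endpoint: every suffix sharing the prefix,
    one 'SUFFIX:count' line each, so the server learns only 20 bits of hash."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 upper-case hex characters")
    return "\n".join(index.get(prefix, []))


# --- client side: only the prefix leaves the client; the password never does
def breach_count(password, lookup):
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    for line in lookup(prefix).splitlines():
        if not line:
            continue
        candidate, count = line.split(":")
        if candidate == suffix:
            return int(count)
    return 0


def is_acceptable(password, lookup, min_length=12):
    """Policy check a signup or password-change form would run: long enough,
    and never seen in a breach. No composition rules, no rotation timer."""
    if len(password) < min_length:
        return False, "too short"
    seen = breach_count(password, lookup)
    if seen:
        return False, f"seen in breaches {seen} times"
    return True, "ok"


if __name__ == "__main__":
    index = build_range_index(BREACHED)
    lookup = lambda prefix: range_lookup(index, prefix)
    for pw in ["password", "hatcarlaughing", "123456789012"]:
        print(pw, is_acceptable(pw, lookup))
```

Note that SHA-1 is used here only because that is the hash the range protocol is keyed on; it is not a suitable way to store passwords, which should go through a slow, salted KDF such as Argon2id or bcrypt.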

So, what can people do about the plethora of difficult passwords that they need to remember? The obvious solution is to write them down on a Post-It Note (or similar) and stick it to your computer screen. Hopefully, the days of people doing that have passed – but you may know different where you work! To make memorizing passwords easier, about half (51%) of the people in the Yubico survey simply rotate the same five passwords across their work and personal accounts.

Using three or four random words together is a great way to beat password-cracking software. You might end up with 'hatcarlaughing' or something similar. The strength comes from the words being chosen at random from a large list, not from the words themselves: three words a person picks (a pet, a hobby, a town) are guessable, whereas four words drawn at random from a list of several thousand carry more entropy than eight random letters and digits, far more than a typical human-chosen 'complex' password, and are much easier to type. Such a password is very hard to crack; however, people would still get password fatigue trying to remember 191 different passwords like that during the working day.
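To make the 'random words' point concrete, here is an added example (not code from the original post) that generates such a passphrase with a CSPRNG and puts numbers on the comparison: the entropy of random words versus random characters, and how long exhausting that space takes at two cracking rates. It goes slightly beyond the paragraph by showing why the rate matters, i.e. how the password is stored. The word list embedded here is a constructed toy; the entropy figures assume the 7,776-word EFF long list, and the cracking rates are assumed round numbers for a fast hash on a GPU rig and for a slow KDF.

```python
import math
import secrets

# Constructed toy word list so the example runs offline. A real generator
# loads a large list (the EFF long list has 7,776 words); the figures below
# use that size, because entropy depends on list size, not on the words.
WORDS = ["hat", "car", "laughing", "river", "copper", "window", "tulip",
         "anchor", "pencil", "marble", "velvet", "orbit", "cactus", "lantern",
         "ember", "glacier"]
EFF_LONG_LIST_SIZE = 7776

# Assumed rates: ~1e10 guesses/s for an unsalted fast hash on a GPU rig,
# ~1e5 guesses/s for a properly tuned slow KDF (bcrypt/Argon2id).
FAST_HASH_RATE = 1e10
SLOW_KDF_RATE = 1e5


def generate_passphrase(words, n_words=4, sep=""):
    """Pick n_words uniformly at random. secrets, never random.choice."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(list_size, n_words):
    """Entropy of n_words independent uniform picks from list_size words."""
    return n_words * math.log2(list_size)


def charset_bits(charset_size, length):
    """Entropy of a truly random string of `length` symbols."""
    return length * math.log2(charset_size)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at the given offline cracking rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def compare():
    """Rows of (description, bits, years at fast hash, years at slow KDF)."""
    rows = [
        ("8 random letters+digits (62 symbols)", charset_bits(62, 8)),
        ("3 random words, 7776-word list", passphrase_bits(EFF_LONG_LIST_SIZE, 3)),
        ("4 random words, 7776-word list", passphrase_bits(EFF_LONG_LIST_SIZE, 4)),
        ("5 random words, 7776-word list", passphrase_bits(EFF_LONG_LIST_SIZE, 5)),
    ]
    return [(name, round(bits, 1),
             years_to_exhaust(bits, FAST_HASH_RATE),
             years_to_exhaust(bits, SLOW_KDF_RATE)) for name, bits in rows]


if __name__ == "__main__":
    print("sample:", generate_passphrase(WORDS, 3, sep="-"))
    for name, bits, fast, slow in compare():
        print(f"{name:40s} {bits:5.1f} bits  fast hash ~{fast:.1e} y  slow KDF ~{slow:.1e} y")
```

Two things the table makes visible: four random words beat eight random alphanumerics, and the same passphrase is either days or centuries of work depending on whether the site stored it with a fast hash or a slow KDF, which the user cannot control and which is one more reason not to reuse it.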

So, what can organizations do in order to help their employees overcome password fatigue and keep their network safe from hackers? There are a number of solutions available.

Biometric solutions seem like the most obvious. You always have your eyes or fingerprints with you. However, the technology can be quite expensive and not always completely reliable, and a biometric is not a secret: it cannot be changed if a copy leaks, so in practice it is used to unlock a device or a key stored on it rather than sent to a server in place of a password.

To overcome the need to remember so many passwords, employees could use a password manager. Staff create a repository of the passwords they use, and the software presents the appropriate one when a login screen appears. Members of staff don't need to remember the password, so those passwords can become even harder to crack, and a manager that fills only on the matching site also defeats the look-alike phishing page. Using a password manager makes password fatigue a thing of the past, but it concentrates the risk: the vault is only as safe as the master password and the MFA protecting it. The problem arises when trying to log in from a different device on which the vault is not available.

Multi-factor authentication (MFA) is another way to maintain security and reduce password fatigue. Obviously, it adds another step to the login process, but it does make things more secure: a password that has been phished, reused or leaked is no longer enough on its own, so the organization can stop leaning on length, complexity and frequent rotation and the password becomes easier to remember. The password still should not be trivially guessable, and not all second factors are equal: one-time codes can be phished along with the password by a proxying login page, whereas FIDO2/WebAuthn security keys bind the login to the real site and resist that.

Single sign-on (SSO) allows members of staff to sign in only once to gain access to all the software and devices associated with that account. That makes things easier for the user and gives the organization one place to enforce MFA and to revoke access when someone leaves, although it also makes the SSO account the one an attacker most wants, so it needs the strongest protection of all.

As mentioned above, password fatigue can cost companies money and can make the life of employees difficult. It makes sense for an organization to look into ways that it can help staff avoid password fatigue, get on with their work, and keep the organization secure.
