Measuring Password Fatigue: Usability and Cybersecurity Impacts [Study]
The problem with passwords
Passwords are inherently meant to support security and keep information protected from potential theft or misuse. Our study found that, in many cases, keeping track of passwords had multiple negative effects, ranging from loss of productivity at work or potential exposure to hacking and, most notably, fatigue when it came to remembering and managing passwords. With more and more aspects of life going digital, passwords aren’t evolving with technology in a way that’s making it easier to access what you need.
We surveyed 1,047 Americans, including over 600 full-time employees, to find out how password fatigue is affecting their day-to-day life. Read on to discover what passwords are costing us in time, money, and mental energy.
- 39% of Americans reported experiencing a high level of password fatigue.
- 82% of Americans who reported a high level of password fatigue claimed to have reused passwords across multiple accounts, while only 54% of those with low password fatigue claimed the same.
- On average, companies lose $480 worth of productivity annually per employee due to the time spent on password problems.
- 72% of Americans reported storing their passwords online or in the cloud.
- 62% of Americans who reported a high level of password fatigue had an account of theirs hacked or breached, whereas only 29% of those with low password fatigue experienced the same.
Identifying password fatigue
Password fatigue, or stress caused by remembering passwords to numerous different accounts, is a widespread issue, but to what extent do Americans experience it? Furthermore, how does it impact their productivity and mental health?
Password fatigue at least moderately affected the lives of 87% of those surveyed. Password requirements, mandatory changes, security questions, and other measures taken by companies in an effort to secure user accounts have led to a great deal of confusion and stress for those trying to keep track of passwords in both professional and personal settings. Over three-quarters of those we surveyed reported password fatigue as negatively affecting their productivity and mental health. It might be easy to see why younger generations, who have grown up with tech and tend to use it more frequently than older generations, actually reported the highest level of password fatigue. In fact, Gen Z has struggled with passwords in the past, and over half of the “digital natives” we surveyed reported high password fatigue, compared to only 29% of baby boomers.
New account, new password, new problem
The password problem only compounds over time as users inevitably accumulate additional accounts in their personal and professional lives. How much does account creation increase the feelings of password fatigue?
Those surveyed had varying frequency in the number of accounts they typically opened. Some opened a new online account at least once per week. These users reported the highest level of password fatigue. Research suggests the number of passwords users have created has risen since the beginning of the pandemic, as many services went partially—if not completely—digital or contactless. The volume of passwords was too much to keep up with for over half of those who created an account at least once a week, while only 25% of those who rarely created accounts experienced high password fatigue. When it came to password character inclusion, there wasn’t a significant variation among low and high password-fatigued individuals in including lowercase and uppercase letters and numbers. However, those with high password fatigue were 33% less likely to include a special character, making their passwords less unique and more guessable for the sake of convenience.
Habits were a big factor affecting fatigue. Over 80% of those who reported high password fatigue reused a password across multiple accounts. Although extremely common, having one master password for accounts all over the internet is one of the worst password habits possible. Using auto-generated passwords for multiple accounts was less common for those who reported high password fatigue. While they’re tougher to remember, an auto-generated password is still able to be hacked by bad actors given that passwords are inherently a shared secret and therefore phishable and breachable.
Password problems at the office
Password problems were not unique to personal accounts and services; they were also a significantly impactful issue for users in the workplace.
Our study found that reusing passwords across multiple work accounts was actually slightly more common (80%) than it was for all accounts (73%). These same habits led to over 75% of those surveyed reporting they’d had to utilize account recovery methods to access their work accounts at least once a month. The work it took to do so is quantifiable, and the time it took to remember and recover passwords was no small figure either. On average, employers spent $480 per employee on time wasted due to password issues alone. For those who reported high password fatigue, the cost jumped all the way to $670 per employee. It’s no wonder that many companies have implemented strategies, including getting rid of passwords entirely, to try to reduce inefficiencies and cut these avoidable costs as much as possible.
Strategies for managing passwords
With the abundance of accounts Americans have, it is no surprise that there is a need for password management. Although certain methods are more popular than others, they do not appear to solve the problem of password fatigue.
The most popular methods of keeping track of passwords relied on other technologies, whether it was online- or cloud-based solutions or storing them locally on a computer. Only 11% of those we surveyed reported memorizing their passwords; however, more respondents with low password fatigue used memorization than any other method.
Digital methods of saving passwords often led to higher levels of fatigue. Even those with password managers reported rates of high fatigue at almost 50%. There are some downsides to using password managers, such as having all of your data in one place on a device in which the security is not necessarily a guarantee. Factors like these alone could be attributed to the rise in stress and fatigue levels over passwords, as even the biggest, most secure companies in the world can be and have been hacked.
Fatigue affecting security
Cybersecurity is so critical to both users and corporations that the industry is experiencing huge growth as the world gets more and more digital and the need for security rises with it. Breaches of passwords can be an easy inroad for hackers to get critical information for a variety of uses, including identity theft, which has been on the rise since 2020. Those with high password fatigue were twice as likely to have been hacked or breached than those with low fatigue.
Passwords were a big safety issue, as those with high fatigue were six times more likely than those with low fatigue to view their passwords as generally unsafe. The majority of those surveyed were hoping for solutions to these issues. The demand for alternative solutions to passwords was high for all respondents (60%) but even greater for those with high fatigue (70%).
A world without passwords
Due to the rise in password fatigue, those we surveyed may be a lot better off with fewer passwords to keep track of overall. Clearly, aside from the security risk they pose, passwords are not working for people on the usability front either, impacting mental health and productivity, and even security.
Digital security is of the utmost importance these days, and passwords are a big liability for individuals and workplaces. Beyond Identity offers a passwordless MFA that puts security first and protects against sophisticated attacks, while making it easy for users as well with no need for second devices, one-time codes, or push notifications. Visit www.BeyondIdentity.com for more information on phishing-resistant MFA.
Methodology and limitations
For this study, we surveyed 1,047 Americans. Generationally, 23.3% of respondents were baby boomers, 25% were Gen Xers, 26.6% were millennials, and 25.1% were Gen Zers. Survey data has some limitations due to self-reporting.
Fair use statement
If you enjoyed reading about password fatigue and the negative impact it’s having on mental health and productivity, feel free to share these findings for noncommercial use. We only ask that you please link back to the original article so our contributors can receive credit for their work.