Password fatigue is the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine, such as to log in to a computer at work, undo a bicycle lock or conduct banking from an automated teller machine. The concept is also known as password chaos or more broadly as identity chaos.


Causes

The increasing prominence of information technology and the Internet in employment, finance, recreation and other aspects of people's lives, and the ensuing introduction of secure transaction technology, has led to people accumulating a proliferation of accounts and passwords. According to a survey conducted in February 2020 by password manager NordPass, a typical user has 100 passwords.

Some factors causing password fatigue are:

* unexpected demands that a user create a new password
* unexpected demands that a user create a new password that uses a particular pattern of letters, digits, and special characters
* demands that the user type the new password twice
* frequent and unexpected demands for the user to re-enter their password throughout the day as they surf to different parts of an intranet
* blind typing, both when responding to a password prompt and when setting a new password.


Responses

Some companies are well organized in this respect and have implemented alternative authentication methods or have adopted technologies so that a user's credentials are entered automatically. However, others may not focus on ease of use, or even worsen the situation, by constantly implementing new applications with their own authentication system.

* Single sign-on software (SSO) can help mitigate this problem by only requiring users to remember one password to an application that in turn will automatically give access to several other accounts, with or without the need for agent software on the user's computer. A potential disadvantage is that loss of a single password will prevent access to all services using the SSO system, and moreover theft or misuse of such a password presents a criminal or attacker with many targets.
* Integrated password management software - Many operating systems provide a mechanism to store and retrieve passwords by using the user's login password to unlock an encrypted password database. Microsoft Windows provides Credential Manager to store user names and passwords used to log on to websites or other computers on a network, Mac OS X has a Keychain feature that provides this functionality, and similar functionality is present in the GNOME and KDE open source desktops. In addition, web browser developers have added similar functionality to all of the major browsers. However, if the user's system is corrupted, stolen or compromised, they can also lose access to sites where they rely on the password store or recovery features to remember their login data.
* Password management software such as KeePass and Password Safe can help mitigate the problem of password fatigue by storing passwords in a database encrypted with a single password. However, this presents problems similar to those of single sign-on, in that losing the single password prevents access to all the other passwords, while someone else gaining it will have access to them.
* Password recovery - The majority of password-protected web services provide a password recovery feature that will allow users to recover their passwords via the email address (or other information) tied to that account. However, this system has itself become a target of social engineering attacks by criminals. These criminals obtain enough information about the target to impersonate them and request a reset email, which is then redirected through other means to an account under the attacker's control, enabling the attacker to hijack the account.
* Passwordless authentication - One solution to eliminate password fatigue is to get rid of passwords entirely. Passwordless authentication services such as Okta, Transmit Security and Secret Double Octopus replace passwords with alternative verification methods such as biometric authentication or security tokens. Unlike SSO or password management software, passwordless authentication does not require a user to create or remember a password at any point.


See also

* BugMeNot
* Decision fatigue
* Identity management
* Password manager
* Password strength
* Security question
* Usability of web authentication systems


External links

* Noguchi, Yuki. "Access Denied". Washington Post, 23 September 2006.
* Catone, Josh. "Bad Form: 61% Use Same Password for Everything". 17 January 2008.