Password fatigue is the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine, such as to log in to a computer at work, undo a bicycle lock or conduct banking from an automated teller machine. The concept is also known as password chaos or more broadly as identity chaos.


Causes

The increasing prominence of information technology and the Internet in employment, finance, recreation and other aspects of people's lives, and the ensuing introduction of secure transaction technology, has led to people accumulating a proliferation of accounts and passwords. According to a survey conducted in February 2020 by password manager Nordpass, a typical user has 100 passwords.

Some factors causing password fatigue are:
* unexpected demands that a user create a new password
* unexpected demands that a user create a new password that uses a particular pattern of letters, digits, and special characters
* demand that the user type the new password twice
* frequent and unexpected demands for the user to re-enter their password throughout the day as they surf to different parts of an intranet
* blind typing, both when responding to a password prompt and when setting a new password.


Responses

Some companies are well organized in this respect and have implemented alternative authentication methods or have adopted technologies so that a user's credentials are entered automatically. However, others may not focus on ease of use, or even worsen the situation, by constantly implementing new applications with their own authentication system.

* Single sign-on (SSO) software can help mitigate this problem by only requiring users to remember one password to an application that in turn will automatically give access to several other accounts, with or without the need for agent software on the user's computer. A potential disadvantage is that loss of a single password will prevent access to all services using the SSO system, and moreover theft or misuse of such a password presents a criminal or attacker with many targets.
* Integrated password management software - Many operating systems provide a mechanism to store and retrieve passwords by using the user's login password to unlock an encrypted password database. Microsoft Windows provides Credential Manager to store user names and passwords used to log on to websites or other computers on a network, Mac OS X has a Keychain feature that provides this functionality, and similar functionality is present in the GNOME and KDE open source desktops. In addition, web browser developers have added similar functionality to all of the major browsers. However, if the user's system is corrupted, stolen or compromised, they can also lose access to sites where they rely on the password store or recovery features to remember their login data.
* Password management software such as KeePass and Password Safe can help mitigate the problem of password fatigue by storing passwords in a database encrypted with a single password. However, this presents problems similar to that of single sign-on in that losing the single password prevents access to all the other passwords while someone else gaining it will have access to them.
* Password recovery - The majority of password-protected web services provide a password recovery feature that will allow users to recover their passwords via the email address (or other information) tied to that account. However, this system has itself become a target of social engineering attacks by criminals. These criminals obtain enough information about the target to impersonate them and request a reset email, which is then redirected through other means to an account under the attacker's control, enabling the attacker to hijack the account.
* Passwordless authentication - One solution to eliminate password fatigue is to get rid of passwords entirely. Passwordless authentication services such as Okta, Transmit Security and Secret Double Octopus replace passwords with alternative verification methods such as biometric authentication or security tokens. Unlike SSO or password management software, passwordless authentication does not require a user to create or remember a password at any point.


See also

* BugMeNot
* Decision fatigue
* Identity management
* Password manager
* Password strength
* Security question
* Usability of web authentication systems


External links

* Noguchi, Yuki. "Access Denied". Washington Post, 23 September 2006.
* Catone, Josh. "Bad Form: 61% Use Same Password for Everything". 17 January 2008.