Password fatigue


Password fatigue is the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine, such as to log on to a computer at work, undo a bicycle lock or conduct banking from an automated teller machine. The concept is also known as password chaos or more broadly as identity chaos.

Causes

The increasing prominence of information technology and the Internet in employment, finance, recreation and other aspects of people's lives, and the ensuing introduction of secure transaction technology, has led to people accumulating a proliferation of accounts and passwords.
According to a 2002 survey by British online-security consultant NTA Monitor, the typical intensive computer user has 21 accounts that require a password.
Some factors causing password fatigue are:
Aside from contributing to stress, password fatigue may encourage people to adopt habits that reduce the security of their protected information. For example, an account holder might use the same password for several different accounts, deliberately choose easy-to-remember passwords that are too vulnerable to cracking, or rely on written records of their passwords.
Many sites, in an attempt to prevent users from choosing easy-to-guess passwords, add restrictions on password length or composition which contribute to password fatigue. In many cases, the restrictions placed on passwords actually serve to decrease the security of the account. Some sites also block non-ASCII or non-alphanumeric characters.
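As an added illustration (not part of the original article), the following Python sketch counts how many passwords a policy accepts, which is one measurable way that restrictions on length or composition can reduce security. The character-class sizes and the three sample policies are constructed assumptions, and the count says nothing about how people actually choose passwords.

```python
from itertools import combinations
from math import log2

# Sizes of the printable-ASCII character classes (symbol = punctuation + space).
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def count_passwords(length, allowed, required=()):
    """Count strings of exactly `length` characters drawn from the `allowed`
    classes that contain at least one character from each `required` class."""
    if not set(required) <= set(allowed):
        raise ValueError("a required class must also be allowed")
    full = sum(CLASSES[c] for c in allowed)
    total = 0
    # Inclusion-exclusion: subtract strings missing one required class,
    # add back those missing two, and so on.
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            alphabet = full - sum(CLASSES[c] for c in missing)
            total += (-1) ** k * alphabet ** length
    return total


def policy_bits(min_len, max_len, allowed, required=()):
    """log2 of the number of passwords the policy accepts."""
    accepted = sum(count_passwords(n, allowed, required)
                   for n in range(min_len, max_len + 1))
    return log2(accepted)


# Constructed sample policies, not taken from any real site.
ALL = ("lower", "upper", "digit", "symbol")
ALNUM = ("lower", "upper", "digit")
POLICIES = {
    "8-64 chars, any printable ASCII": (8, 64, ALL, ()),
    "8-12 chars, alphanumeric only": (8, 12, ALNUM, ()),
    "8-12 chars, alphanumeric, must mix all three": (8, 12, ALNUM, ALNUM),
}

if __name__ == "__main__":
    for name, args in POLICIES.items():
        print(f"{policy_bits(*args):6.1f} bits  {name}")
```

Each added restriction (a length cap, a blocked character class, a mandatory mix) lowers the number of bits an attacker has to search.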
Password fatigue will typically affect users, but it can also affect technical departments that manage user accounts, as they are constantly reinitializing passwords; this situation ends up lowering morale in both cases. In many cases, users end up typing their passwords in cleartext in text files so as not to have to remember them, or even writing them down on Post-it notes which they then stick in a desk drawer.

Solutions

Some companies are well organized in this respect and have implemented alternative authentication methods or have adopted technologies so that a user's credentials are entered automatically. However, others may not focus on ease of use, or may even worsen the situation by constantly implementing new applications with their own authentication system.