July 9, 2020

Volume X, Number 191

July 09, 2020

Subscribe to Latest Legal News and Analysis

July 08, 2020

Subscribe to Latest Legal News and Analysis

July 07, 2020

Subscribe to Latest Legal News and Analysis

July 06, 2020

Subscribe to Latest Legal News and Analysis

Password Fatigue

Everyone hates passwords. They are difficult to remember, and human nature is to re-use them across platforms, which is well-known to be a no-no. Managing passwords is time consuming, cumbersome and a pain. Which is why they continue to be a problem for security.

A recent research study sponsored by Yubico and conducted by Ponemon Institute entitled The 2019 State of Password and Authentication Security Behaviors Report surveyed 1,761 IT and IT security practitioners in four countries, in order “to understand the beliefs and behaviors surrounding password management and authentication practices for individuals both in the workplace and at home…to understand if these beliefs and behaviors align, and why or why not.”

The conclusion of the report is “that despite the increasing concern regarding privacy and protection online and a greater understanding of the best security practices, individuals and businesses are still falling short. Both parties are in dire need of solutions that will offer both added security and convenience.”

According to the report, respondents spend an average of 12.6 minutes each week or 10.9 hours per year entering and/or resetting passwords. I actually think that is a conservative number, based upon my own experience. The report states that this results in a productivity and labor loss of $5.2 million annually per company. That is a staggering statistic.

Until we can find a better method of authentication, passwords will continue to be a challenge, both personally and professionally. Nonetheless, they are incredibly important for security, and providing employees with tips on how to manage their passwords is still a valuable risk management strategy. I continue to maintain that the use of passphrases is a tip that employees can relate to and it is helpful to encourage the use of complex passwords in your organization.

The Yubico -Ponemon study confirms what we all know: users are sick and tired of passwords. Even so, providing employees with information about how important they are and how to pick a passphrase that makes sense to them is critical to protecting your company’s data.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume IX, Number 87


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...