Password Fatigue: Why Users Hate Your Site
‘Password fatigue’ might sound like a mild annoyance that people label a problem in the absence of more challenging difficulties. Something that, as Shakespeare might say, is “much ado about nothing.”
But in reality, password fatigue isn’t just about tired fingers or exhausted memories. It is enough of an irritation that it can noticeably impact the stress level of your users, regardless of whether they are accessing your website at work or at home, by themselves or with families, friends or coworkers.
It is also interesting to note that it isn’t strictly an online phenomenon. After all, we keep track of similar bite-sized portions of information to access everything from bank ATMs to gymnasium lockers.
Yet online password fatigue is very real and very present. It is also of increasing importance to online businesses these days. As you continue reading you will learn what exactly it is, how it affects consumers and businesses, and a proven method of avoiding it.
A Plethora of Passwords
It is useful to know that password fatigue is much more widespread than one might think. That’s because the number of websites the average user needs a username and password for has dramatically increased over time.
Users find themselves with Excel spreadsheets, notebook pages, and piles of sticky notes crammed full of assorted usernames and passwords. These login details cover everything from frequent flier points to concert tickets to favourite ecommerce sites.
Typical passwords often contain variations on favourite sports teams or combinations of loved ones’ names, such as those of children or spouses. Then there are the password classics like 123456, Password123, or Qwerty99 and the hack-worrier passwords with their seemingly nonsensical combinations of numbers, symbols and partial words.
Some of these passwords are used on a daily basis (such as email) while others are barely ever touched (such as retailers only used once or twice). So while the regularly used ones may be easy to remember, others can be almost impossible.
Memories are fluid, flexible things that can vary greatly from person to person, but Princeton psychologist George Miller devised the formula of 7 +/- 2 for the average capacity of short-term memory. This means the brain can store 7 plus or minus 2 pieces of information within short-term memory at a time.
This isn’t a hard and fast rule: some numbers can be memorized almost immediately while others need to be committed over and over again. You may have memorized your social insurance number almost instantly despite how rarely you use it but struggle to commit your boss’ phone number to memory even though you need it regularly.
Furthermore, the brain uses specific techniques to organize and arrange information, such as chunking to memorize phone numbers.
What does this tell us? Memorizing a password on its own is generally not too difficult. It’s the sheer number the average online user has to deal with that causes the problem and earned the label of ‘fatigue’.
An overloaded memory, particularly when the brain is stressed, fatigued, distracted, or rushed, is even harder to deal with.
A Pre-Password World
Memorizing internet usernames and passwords has not always been an issue. Back in the 90’s, the slow internet speeds, irregular service and limited content that dial-up university modems provided gave early Internet consumers plenty of headaches on their own.
That’s assuming they could get in the queue. The only time I was usually able to log on without issue was on Sunday evenings, when all the geeks were watching the X-Files.
When they were required, usernames and passwords were seen as small but necessary speed-bumps on the way to the utopia of information and interactivity promised by the internet.
As internet speeds picked up with broadband and fiber-optic connections, consumers became used to effortlessly and instantaneously ‘surfing’ the internet (after all, there’s a reason that metaphor took hold).
This included communicating, sharing content and making online purchases. Site registration was the exception rather than the norm and consumers typically treated usernames and passwords without much consideration.
Today, many still don’t. Indeed, according to SplashData, a provider of password management applications, one of the most popular passwords used online is… “password”.
Variations of “123456”, “admin” and “qwerty” are also common choices and were listed as among the “Worst Passwords” consumers use for their most basic step in online security.
Perhaps this reflects the limitations of customer creativity or a somewhat naive faith in the security measures online businesses use, but it’s evident that passwords are repeated and overly simplified far too often.
An Arms Race of Passwords
Today, the vast majority of online retailers, service providers, and distributors use usernames and passwords. More and more, these passwords require arcane combinations of upper- and lower-case letters, numbers and symbols. For some sites, two-step verification is also becoming common.
The end result? Password fatigue.
The necessity and importance of passwords may be obvious to you, in the context of working for an online business.
However, think about it from the consumer’s side:
Of all the potential security steps a user can take, passwords are the first line of defense: the pawns in a chess game in which virtually anonymous hackers are trying to steal their data.
When users have to change their passwords or use new identity verification processes, password fatigue begins to feel like a never-ending arms race. This battle rages on with hackers, criminals and spies on one side, and retailers, IP providers and governments on the other.
And consumers? They’re caught dead in the middle.
For every proactive step taken by the ‘good guys’, the ‘bad guys’ think of ways to overcome it.
Today, registering and providing information for one-off, relatively straightforward transactions can feel frustrating for customers.
Particularly for those:
- in a hurry
- accessing these sites on small mobile screens
For these consumers, frustration and inconvenience are basically unforgivable sins.
However, as security precautions deepened and online customer relationships were sought, registering to access content and purchase online became the norm. While it may seem obvious, let’s consider the answer to the question of why we need usernames and passwords.
Why We Have Passwords
The need for security is obvious. No need to expand there, but beyond that, some companies explain why users need to log in. Generally, they cite security, community, added features and additional deals and promotions.
At its core though, one can assume that the average consumer wants assurance that their funds, accounts, messages and all other interactions online are safe and secure.
But that doesn’t make it any easier for you to deal with passwords.
Everyone with an email account regularly uses a password to access it. But as we know with spammers and scammers, email accounts are often a first step towards access to more lucrative things like bank accounts.
For example, an article in the Boston Globe on password fatigue cites US Vice Presidential candidate Sarah Palin’s Yahoo account being hacked in 2008 just from the use of data obtained by an easy Google search.
Password security came to the forefront in the spring of 2014 with the Heartbleed vulnerability.
Heartbleed emerged from a bug within OpenSSL, a widely used open-source implementation of the Secure Sockets Layer (SSL) security protocol that many websites rely on.
The bug may have existed for as long as two years, rendering enormous amounts of user data, particularly password question-answer combinations, vulnerable to exploitation by hackers.
Hence the bug was rumoured to be the most widespread and destructive: “an 11 on a scale of 1 to 10.”
James Fallows, who covers technology for The Atlantic and experienced identity theft himself, wrote about Heartbleed. Among the steps he recommended to avoid being ‘infected’ were immediately changing all passwords and never using the same password twice.
He concedes that while there isn’t much the average individual user can do about Internet security, “we can make ourselves less rather than more vulnerable.”
Apply that to the general culture around online passwords and truer words have never been spoken.
How Your Business Suffers
How does this affect your business? Well, it’s not hard to see that frustrated, unhappy customers are going to increasingly consider alternatives to your product if they have a hard time seeing it in the first place. This means fewer signups, lower return rates and abandoned shopping carts, which all have negative impacts on your bottom line.
This is something you not only need to consider during the initial user interaction of logging in to your site for the first time, but also during the rest of the transaction process. Consider customers who log on to the website of a big ticket item that they need time to think about purchasing (an airline ticket, for example).
If the website locks them out within a brief time frame, they’re gnashing their teeth again logging into your site as you’ve interrupted what otherwise could have been a smooth, safe transaction.
The Password Fatigue Solution: Social Sign On
Perk up from password fatigue! There is one surefire way to overcome it and save your visitors and customers from frustration! It’s simple: implement social sign on.
Through social sign on (also known as social login), your customers can access your site safely and securely through their existing social media accounts, such as Facebook or Twitter.
You might be thinking, “but what about all my user data? I want to connect with my potential customers directly rather than through a third-party.” Luckily, I’m a mind reader.
By allowing your users to use social sign on, not only will you gain access to more user data (and more accurate social data) rather than less, but you will still maintain that direct connection with your customers and have a better chance to engage with them more.
Really, the main thing that will change is that your users will be able to use the social network passwords they DO remember rather than irritably searching through that mess of password sticky notes on their desk. Oh, and they will be much more likely to sign up in the first place, increasing your sign up and conversion rates.
No more fumbling or forgetting! By adding social sign on to your online sites and apps, you are allowing users to say hello to social sign on and goodbye to password spreadsheets, crumpled scraps of paper and the aggravation of trying to cram what feels like a million passwords into their brains.
As the internet has matured and individual websites with it, the requirement of login usernames and passwords has gone from a minor irritation to a major fatiguing experience for online users.
While everyone understands the need for online security in modern times with the growing risk of password hacking and online identity theft, user satisfaction with current registration and sign on processes has waned. The problem of password fatigue has become a real issue and will only become more and more damaging to businesses that refuse to recognize the issue and implement a solution for their users.
It’s not often that growing issues like this have obvious solutions, but in the case of password fatigue there is one: social sign on. By offering a social sign on option, you are giving your users a one-click solution while saving them time and frustration.