1Password published a study detailing employees’ risky online behavior caused by their organizations’ complex authentication requirements. The study found that 43% of employees admitted engaging in these behaviors because of “login fatigue,” which negatively impacted their productivity and mental health. The behaviors include sharing login credentials, offloading tasks to others, or abandoning certain tasks to avoid logging in.
The Unlocking the Login Challenge study warned that the identified risky online behaviors had “widespread repercussions” on the companies.
Complex authentication requirements undermine productivity, attitudes, and benefits
1Password found that complex authentication requirements took a toll on employees’ mental health, reduced productivity, and forced workers to relinquish certain benefits.
According to 44% of respondents, logging in and out of apps destroyed their moods or affected their productivity. This feeling was most common among younger generations, such as Gen Z (59%) and Millenials (49%), unlike Gen X (47%) and Boomers (33%). Subsequently, 26% of employees gave up performing a task at work to avoid the hassles of logging in and out of apps.
Similarly, 62% of employees missed more than 10 hours of meetings per year because of logging in issues. The absence resulted from employees skipping the setup of paid video conferencing software.
Additionally, 38% of employees procrastinated, delegated, or skipped setting up new work security apps because of the challenging login processes.
Surprisingly, most employees’ login woes started on their first day at work, with 37% finding the onboarding process time-consuming, confusing, or challenging regarding logging in to work accounts.
Even worse, only 12% of newcomers had the companies set their logins during the onboarding process. The remaining majority felt overwhelmed and stressed (42%), behind on work (34%), frustrated by the company (28%), and unwelcome (10%).
The password-related stress and mental health concerns exist while companies struggle to attract and retain top talents, who might end up disappointed on their first day.
Blurring the lines between work and personal life
These login challenges forced employees to cross the line between work and personal life. Worryingly, nearly half (45%) of employees use personal Facebook and Gmail accounts for single sign-on (SSO) at work.
These personal accounts were beyond the protection of the companies’ security departments. “These accounts can’t be properly managed under IT security policies and often circumvent IT management controls that keep companies safe,” the researchers stated.
Subsequently, this risky online behavior exposed companies to various security risks they could not mitigate.
Poor online behavior creates hacking paranoia
Based on their increased online activity, such as shopping online, 61% of employees believed they were more likely to be hacked than a year ago. Nearly half (44%) of the workers were paranoid of getting hacked or scammed, while 42% had their accounts compromised before.
However, 36% of the employees worried about hacking because of their appalling online behavior, such as password reuse across websites and sharing accounts with family members and friends.
Poor perception of the company’s security policy encourages risky online behavior
The confusing authentication requirements caused 30% of employees to perceive their companies’ security policies negatively. This perception made them care less about good security practices, thus encouraging their risky online behavior and putting organizations at more risk.
This behavior is akin to reading complex software terms of service, where most users do not bother to understand the confusing language.
The poor perception of their companies’ security policies also caused employees to develop negative attitudes towards certain work apps.
The situation is exacerbated by data breaches that encourage more stringent authentication requirements. Unsurprisingly, employees equated complex authentication requirements with safety.
According to Dr. Karen Renaud, a human-centric security expert, organizations impose additional authentication requirements after every incident, with each condition creating more friction and hampering productivity.
Employees invent workarounds to circumvent complex authentication requirements.
The study found that 43% of employees invented workarounds to alleviate logging-in miseries associated with complex authentication requirements. This risky online behavior transformed employees into “negligent insider threats.”
According to the study, 11% of employees offloaded a task to their colleagues to avoid logging into work accounts. Similarly, 13% abandoned a task, shared a login (16%), figured out a workaround to complete a task without logging in (17%), or ultimately gave up logging in (19%) because it took too long.
“Modern companies are grappling with the unintended consequences of complex login processes. Although they were designed to protect us, they are in many cases creating more stress, elevating risk and hurting the bottom line,” said Jeff Shiner, CEO of 1Password. “This report is a wakeup call that it’s time to invest in human-centric security that’s as easy to use as the workplace and personal apps we rely on every day.”
