General > General Technical Chat
Login Fatigue Is Plaguing Organizations, 1Password Study Finds
Black Phoenix:
https://vpnoverview.com/news/login-fatigue-is-plaguing-organizations-1password-study-finds/
--- Quote ---The study — conducted in June and released Thursday, Sept. 15, 2022 — showed that login fatigue is common in firms that employ stringent security guidelines. This is particularly true for larger organizations where more two-factor authentication, antivirus software, and VPN use are common.
“But accessing the essential software we need to do our jobs is still too complicated, disruptive, and downright annoying — leaving employees frustrated and putting essential data and information at risk,” researchers said.
--- End quote ---
--- Quote ---Over a quarter of workers said they have completely given up on some tasks to avoid login fatigue and 62% of employees even miss parts of meetings. This results in over 10 hours of meetings on average missed, per year, the study said. Around 19% of workers also entirely skipped free perks, discounts, requesting time off, and open enrollment as a result of arduous login procedures.
“Workers have admitted to feeling more zoned out and stressed when they’re told to recall several of their logins for different accounts,” affecting their productivity the study said.
--- End quote ---
Regarding myself, I don't use 1Password, since having my credentials in the cloud is not my dream. I've been using since 2008 an opensource app called Keypass that creates a database file and have support officially or via the community in most systems as Linux, iOS, Windows Mobile and even Symbian.
The only think I need to remember is when I make changes to the database as adding a new entry, to sync with all the others (if different entries were made in 2 different systems and I didn't replace the main file before it) or plainly replace the copy (if it was only one system and all copies are the same old version).
Yubikey would be an alternative no?
Someone:
--- Quote from: Black Phoenix on September 21, 2022, 10:00:17 am ---Yubikey would be an alternative no?
--- End quote ---
No, it can be a part of a replacement but alone its a pretty opaque blob that you dont know what its doing and requires handing over control/trust to the service you connecting it with (some services won't let you have multiple/backup hardware keys registered!)
dferyance:
Most of the multiple logins and password issues in organizations are self-inflicted. If I already logged into my work computer, why would I need to log into anything else? I'm authenticated, my session has a ticket, everything should accept that ticket. No need to login again. Either the software used isn't properly configured to trust the organization's Kerberos authentication or the software isn't well-designed and shouldn't be used.
I have to jump through hoops every time I access office-online from my computer. It requires a username, password and 2FA. However, if I run the office programs, which access exactly the same documents and data, it doesn't prompt me. That's a sign something isn't setup right. If I can get in without 2FA, it is optional, than is 2fa really doing anything for security?
Much of it too is these online services. They all have their own user accounts and passwords. But it is a solved problem. ADFS works. But either people sign up for online services without consulting IT or security or IT doesn't know or care about having single authentication. Makes user management a nightmare too. Think of all the accounts IT has to shut down when someone leaves, many IT doesn't even know about.
Marco:
I fear Apple will run away with secure login.
Passkeys are still a complete PITA if they can't be painlessly synced across trusted devices, U2F has been intentionally designed to make that impossible ... it's a mess (I suspect having dongle manufacturers be part of the standard process was not a good idea). Apple will not follow them down that rabbit hole. Better to have Apple's proprietary sanity than open standard insanity.
eti:
The man you need to speak to is Steve Gibson of GRC. He’s the de facto authority on this stuff. Listen to his “Security Now” podcast.
Navigation
[0] Message Index
[#] Next page
Go to full version