Drowning in passwords? You may be security fatigued

It is now commonplace to e-shop and bank online, and it is becoming second nature to give away personal details on most websites. Despite the huge amount of delicate data we store online, on average a Briton accesses at least four separate websites with the same login details.

The NIST study revealed that users are showing a sense of tiredness in relation to their login credentials. Some are more frustrated by the time wasted in remembering and/or accessing “useless information”. Mary Theofanos, computer scientist and co-author of the study, explains: “Years ago, you had one password to keep up with at work, now people are being asked to remember 25 or 30. We haven’t really thought about cybersecurity expanding and what it has done to people.”

The experiment shows that many interviewees have a fatalistic approach to online security, accepting the inevitability of being hacked in the future and therefore choosing not to worry at present. It is hard not to adopt a similar outlook when international companies, such as Yahoo, fall victim to hacking attacks – if they succumb, what chance does a regular individual have to resist?

The data provided three tips to alleviate security fatigue and help users maintain secure online habits and behaviour:

1. Limit the number of security decisions users need to make
2. Make it simple for users to choose the right security action
3. Design for consistent decision making whenever possible

The results of the study raise fears for national e-security.

"If people can't use security, they are not going to, and then we and our nation won't be secure," said report co-author Brian Stanton.