Security Fatigue


By Philip Smedegaard


Please update your password settings. Please enter a new password that does not include your birthday. Password must contain special characters.

These terms and conditions for activating a new profile, buying flowers online, or basically Googling anything, have become engrained in the online-user experience. According to the National Cyber Security Center, the average Briton today has 22 separate passwords and uses the same password for at least 4 different websites. The exponential growth of goods and services available to the world through the internet, has inherently invited security requirements regarding the safe-keeping of personal details, payment details, and sensitive data.

The recent report on “Security Fatigue”, set out to measure the average computer users’ attitudes towards cybersecurity, however, it resulted in a high level of ‘security fatigue’ amongst the test subjects. Security fatigue can be defined as the, “weariness or reluctance to deal with computer security”. From this, risky and lazy personal security follows which makes people more susceptible to the likelihood of fraud and cybercrime.

The problem as outlined in the study, is that average computer users will thereby make rushed security decisions such as using similar passwords, or leaving privacy sections blank. This can lead one to question if, the very mechanisms designed to protect our data, are actually making people more prone to malware? According to the study, the team, “learned that the majority of their average computer users felt overwhelmed and bombarded, and they got tired of being on constant alert, adopting safe behavior, and trying to understand the nuances of online security issues”. These problems could potentially leak into the workplace as well, suggesting larger implications not only for private users, but cyber threats to firms as well.

From the findings however, it is concluded that there are three ways of combating Security Fatigue (Source: NIST).

  • Minimising the amount of security decisions users need to make
  • Simplifying security actions
  • Streamlining decision making

It is understandable that it is difficult to manage 22 passwords for different websites or having to spend loads of time filling-in privacy content. Until the security measures and privacy settings become more streamlined and consumer trust is simplified, it is worth remembering to use a variety of high-strength passwords and to take the time to protect one’s personal data.