The thumbnail version:

  • Long, complicated, hard-to-crack passwords are often encouraged for providing security.
  • But there’s apparently an unanticipated downside to long, complicated passwords.

The full version:

According to an article in a recent edition of RGCS’s weekly newsletter, nearly half of employees use risky login practices. Quoting a 1Password study, it is pointed out that almost half of employees put their companies at risk by using risky online habits to avoid difficulties logging in and out of apps at work. Apparently this is mostly due to the hassle of dealing with complicated passwords.

A complicated password (often randomly generated by a password generator) would look something like this, iK*&bgF#cwx24P0lkO. Now, it may be secure inasmuch as such a password could take two hundred years to crack, but employees balk at the hassle of entering them. So they avoid the hassles by sharing login details, offloading tasks to others, or abandoning certain tasks altogether. And it doesn’t stop with just passwords. Apparently overly-complicated login processes generally lead to employees avoiding tasks or circumventing security whenever they can.

It’s a tricky situation. On the one hand the online security of your business cannot be taken lightly, but on the other hand, it has to be balanced with  minimizing the frustration endured by employees. RGCS concludes that based on the result of this survey, businesses need to “look at whether their login procedures and authentication achieve the right balance of providing security while enhancing productivity and workflow.” Staff need to be reminded of the reasons for security-based procedures and the benefits of what may at times appear to be complex login systems.

You cannot neglect your online security.