This week we talk about how frustrating passwords can be and look into how targeting this pain point benefits both customers and businesses.

The effect of password fatigue

How old-school password security is causing businesses to lose revenue.

Ingrid Spiga


4 minute read

It must be a mix of uppercase and lowercase letters, numbers and special characters. It must not include names or words that can be found in the dictionary. It must be hard to guess but easy enough for you to remember. And above all, it must never be written down.

These are the rules that give me a headache every time I’m asked to set up a password for something. And with more of our lives moving online, we’re being asked to create more and more passwords... and remember them. But isn’t the concept of passwords flawed, considering that for a password to be difficult enough for a hacker to guess, it also has to be difficult for me to remember?

In short
  • Remembering all your passwords is becoming an impossible feat.
  • Businesses are losing sales due to users forgetting passwords.
  • The most obvious way forward for all businesses is biometric recognition technology.
Too many passwords or not enough brain bandwidth?

I am more of a visual person. Remembering names is hard enough, remembering all the different passwords to my various accounts seems like an impossible feat. But I was happy to learn that I’m not alone in my struggle. A recent study found that 78% of people will have reset their password to a personal account in the last 90 days1.

Remembering one password isn’t the problem, remembering dozens of them is. The passwords I enter daily like those for my laptop, phone and bank account are constantly being reinforced in my memory. But those I only enter once a month, or a handful of times a year, like passwords to online shopping accounts, I can never remember when I need them. Our brains can only hold so much information, and if I’m not using these passwords frequently enough, they’re replaced with other priorities like work deadlines or remembering to buy more nappies on the way home. Reusing the same password for multiple platforms isn’t really an option either, since it creates a big security risk.

What does password fatigue mean for businesses?

When online shopping, I regularly find myself abandoning my cart during the checkout stage because I get frustrated trying to remember my customer account login. A joint study conducted by MasterCard and the University of Oxford revealed that a third of customers are lost at checkout because they can’t remember their passwords, and 18% of cart abandonment is due to password reset issues2. With 40% of ecommerce transactions being impulse purchases, any interruption to the transaction gives a customer the chance to question whether they really need that third pair of white sneakers. For businesses, it’s responsible for millions of dollars in lost revenue.

Online shopping is more competitive than ever these days. The last thing your business wants is for your customers to shop at one of your rival stores purely because they can’t remember their password to their account with you, and can’t be bothered resetting it.

But while passwords are the source of so much frustration, they are becoming more and more important as online security attacks increase. 

“The last thing your business wants is for your customers to shop at one of your rival stores purely because they can’t remember their password…and can’t be bothered resetting it.”

What can businesses do?

Instead of forcing customers to use a complicated password, businesses need to start offering alternatives that make life easier for customers.

Already many companies are offering access to password managers. This software stores all the user’s passwords in an encrypted format, only accessible with a master password. It provides strong security without asking the user to remember a million different variations. 

Another alternative for those who are not comfortable with password managers, are Knowledge Based Authentications (KBA). These verify the user’s identity by asking them a personal question – such as their mother’s maiden name or their first pet’s name. Although easier to remember, the answers to these can be found by hackers.

The best solution for businesses is to consider integrating biometric technology, like fingerprint and facial recognition, into their platforms. It’s already used on smart phones and other personal electronic devices, and has been readily adopted by security-conscious businesses like banks for use in their mobile banking applications. It’s not only extremely hard to recreate, which provides higher security than traditional passwords, it’s also simpler and quicker for the user. Win-win.

With more and more of our lives moving online, the expectation for users to remember multiple passwords for their different accounts is unreasonable. The move towards a single system that allows users to verify their identity quickly and safely everywhere, seems inevitable. While biometric recognition technology is a large financial investment, if businesses want to keep up, investing could become a necessity. 

on Apple abandoning passwords
iOS 16 may signal the beginning of the end for passwords. Apple has previously opted for a combined approach, with both biometrics and passwords. But now, 'passkeys' have arrived: a pair of digital keys that work together to authenticate a log in from their respective locations on a server and your device.

Written by Ingrid Spiga, editing by Adelaide Anderson, 52 Words by Abby Clark, key visual by Alice Guo, page built by Alice GuoGeorgie Drinnan.
  1. Lani Leuthvilay, Study Finds 78% of People Reset a Password They Forgot in Past 90 Days (10 December 2019) HYPR.
  2. Mastercard and University of Oxford, Mastercard Newsroom.
  3. Rutgers University, Do you know how and why you forget passwords? (6 September 2018) ScienceDaily.
CX Lavender acknowledges the Traditional Custodians of Country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.