The Great Authentication Fatigue – End of an Era?

M Angela Sasse, UCL

In this talk, I summarise evidence of the burden that authentication creates in many organizations. Based on interviews, diary studies, and examination of log files, we can provide details of how authentication disrupts individual tasks. The burden of authentication results not only from the mental and physical work associated with authentication, but also from the re-start cost associated with the disruption of the primary task. There is an urgent need to develop solutions that are less burdensome for users and less disruptive for their tasks. A recent industry initiative, the FIDO Alliance, provides a framework for authentication without passwords. In organisational contexts, we could replace most explicit authentication events with implicit mechanisms that do not burden and disrupt users, and reserve explicit action for events where active consent or agreement is required. In conclusion, I will argue that the end of the great authentication fatigue is in sight, but that we can learn important lessons for security in general from this case.

M. Angela Sasse is the Professor of Human-Centred Technology and Head of Information Security Research in the Department of Computer Science at University College London (UCL), UK, and the Director of the Research Institute in Science of Cyber Security. A list of projects and publications can be found at