TL;DR: Authentication friction is not just a user-experience problem; it is an identity governance failure that pushes risk into daily operations, according to Axiad’s survey of 2,000 US office workers. The survey found that 60% said authentication stopped them doing their jobs, 59% contacted IT because they were locked out, and workers spent an average of 4 hours 43 minutes fixing authentication issues.
NHIMG editorial — based on content published by Axiad: Do passwords impact productivity?
By the numbers:
- 60% admit that authentication processes have stopped them from doing their job
- 59% have had to contact the IT department at their workplace because they were locked out of their computer
- 5 hours (4 hours 43 minutes) to fix authentication issues at work
Questions worth separating out
Q: How should organisations reduce password-related lockouts without weakening security?
A: They should move the highest-friction user groups to stronger authentication methods, then track whether lockouts, reset calls, and recovery time fall.
Q: Why do passwords still create productivity problems in mature IAM programmes?
A: Passwords still create problems because they depend on human memory, frequent reuse, and manual recovery.
Q: How can teams tell whether authentication improvements are actually working?
A: Look for declining reset volume, fewer lockout incidents, shorter recovery times, and lower help desk demand for identity issues.
Practitioner guidance
- Measure authentication friction as an operational risk: Track lockout frequency, reset volume, and time lost to authentication recovery alongside normal IAM metrics.
- Prioritise passwordless rollout for the most interrupted user groups: Focus first on teams that report frequent lockouts, heavy app dependence, or repeated IT contact.
- Remove informal password exceptions from policy paths: Review departments that still rely on passwords by default even where MFA or stronger methods are already available.
What's in the full article
Axiad's full research covers the survey detail this post intentionally leaves for the source:
- Breakdown of the 2,000-respondent survey methodology and respondent profile.
- Full question wording behind the password, lockout, and productivity findings.
- Additional survey context on worker attitudes toward authentication and MFA.
- The 2022 survey update that follows this baseline report.
Password friction and lockouts: what IAM teams need to fix?
Explore further
Password friction is an identity governance failure, not just a usability complaint. When 60% of workers say authentication stopped them doing their jobs, the control is no longer merely inconvenient; it is breaking business flow. The programme lesson is that authentication design must be judged by operational continuity as well as assurance.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means most identity teams are still operating without complete machine identity inventory.
A question worth separating out:
Q: What should security and IAM leaders do when users know about MFA but still use passwords?
A: They should treat that as a rollout and governance failure, not a knowledge problem. The organisation must examine default policy, application compatibility, and exception handling to understand why stronger methods are optional in practice. Awareness without enforcement leaves the password as the path of least resistance.