Security Fatigue Is Costing You Customers: How to Reduce Friction Without Raising Risk

Picture this: You’re shopping for a rain jacket using your smartphone, and you’re ready to buy. First, you must select all the CAPTCHA squares that contain buses. (Is that part of a tire?) Then you can’t remember your password, so you reset it—but not before struggling to come up with one that meets the complex requirements. Then you wait for the one-time passcode (OTP) text. And you wait. It doesn’t come, so you hit resend three times. When you still haven’t received the verification code, you call customer support to complete your order but hang up in frustration after waiting on hold for 10 minutes. Your next stop is Amazon, where checkout is quick and easy.

Account security is essential, but login friction jeopardizes customer experience, leading to security fatigue and impacting revenue growth. Security is the top concern related to digital experience (endorsed by 78% of survey respondents), but ease of use is a close second (76%). Customers don’t want to jump through hoops to access their account. When logging in is too complicated, customers may give up on purchases as well as essential actions—like managing their account, paying a bill or scheduling an appointment. It stops all kinds of customer journeys in their tracks.

What Is Security Fatigue in Customer Experience?

“Security fatigue”—the feeling of weariness and frustration that users experience when faced with numerous, complex security measures—is a term often associated with employees, who are overwhelmed by password change requests, multifactor authentication (MFA) prompts, and cyber alerts (many of which are false positives). But customers may experience security fatigue around account access, leading them to abandon purchases and essential actions—and ultimately, brands.

CX leaders must combat security fatigue by balancing security and convenience. The right customer experience (CX) solutions reduce security fatigue by streamlining authentication, personalizing communication and automating routine security step.

What Causes Security Fatigue? And How Does It Hurt Customers and Brands?

Too many, overly complicated security measures can cause:

Frustration and stress. Customers are forced to make security decisions frequently, like verifying their identity multiple times just to pay a bill, update an account or access services. Password overload is real. On average, an internet user has 168 passwords for personal accounts—a 70% increase in just the past three years. More than half (57%) of U.S. consumers report feeling overwhelmed by too many passwords, and 45% feel anxious about password security.

Security risks. When security feels like a hassle, people take shortcuts like reusing passwords or creating weaker, more predictable ones, jeopardizing their accounts. Almost one fifth (16%) of Americans report using the same password for all or most of their accounts.

Increased customer care costs. Customers who can’t log in or reset their password may call the contact center for help. Password-related issues are expensive to resolve because they often require identity verification and manual intervention.

Revenue loss. When account authentication and verification are slow or disjointed, customers abandon transactions and businesses lose revenue. “Login friction isn’t just an annoyance. It’s a revenue killer,” according to the CEO of a customer identity/access management software provider. A whopping 87% of U.S. consumers have abandoned a purchase or account sign-up because of login issues, and survey respondents who find login procedures to be too long or complex are 46% more likely to give up on a purchase. Twenty percent of Americans have been locked out of a paid subscription, converting a minor login problem into financial losses and eroding brand loyalty.

Churn. Account access friction may push customers to your competitors. Two-thirds (67%) of Americans have stopped using an account or website entirely due to login hassles, and 55% did so after forgetting their password. This overwhelming process often drives up security fatigue, causing additional stress on account users. More than half of Americans (52%) would consider switching to a company with a simpler login experience.

The CX Solution: Reduce Security Fatigue by Making Security Smooth and Supportive

To make account security more convenient:

1. Streamline identity verification and account authentication. Use cybersecurity tools like MFA with push approvals for one‑tap confirm/deny. Then apply risk‑based, adaptive checks so low‑risk customers glide through while higher‑risk scenarios receive stronger verification. You can pair these controls with journey logic so verification requirements adjust in real time based on device, location, and behavior.
2. Offer passwordless options. Reduce reliance on passwords by offering passkeys, device biometrics (e.g., fingerprint or face) and magic links for verified devices. Customers don’t have to remember complex credentials or call the contact center when they can’t log in.
3. Use behavioral and contextual signals. Reinforce security with patterns in typing cadence, swipe behavior and session context. You can combine these patterns with device reputation and location as a way to quietly verify legitimate users—and flag anomalies—without extra steps.
4. Deliver real-time, two-way alerts for suspicious account activity. Notify customers immediately (on the best channel to reach them: SMS, push, email or voice) when off‑pattern logins, account changes or transactions occur, and let them confirm or deny with a single tap. This prevents unnecessary holds, reduces false positives and speeds restoration.
5. Personalize security-related outreach. Honor channel preferences, limit the frequency and coordinate outreach timing across teams to ensure the critical alerts cut through the digital noise. Sending a fraud alert email to someone who rarely checks their email won’t enable the customer to immediately confirm their log-in or purchase.
6. Enable self-service recovery. When customers have trouble accessing their account, make it quick and easy for them to reset passwords or recover locked accounts without speaking with a live agent. Offer guided, self‑serve flows for account recovery, device changes and MFA resets across web, app and IVR. Escalate easily to live support with full context when needed
7. Use intelligent AI agents to handle messy responses. When customers reply with freeform text instead of structured inputs (like pressing 1 or 2), AI agents can interpret intent, label it clearly (fraud/not fraud/needs time), and re-engage at the right time or escalate if risk is high. This keeps security tight without locking out legitimate users.

Security and CX Teams (and AI Agents) Must Collaborate to Combat Security Fatigue

At this point it’s clear: addressing security fatigue isn’t just IT’s job. It’s a shared mission for all teams responsible for security as well as CX. Those teams must work together to design processes and journeys that keep data safe and make every interaction simple and supportive. Joint teams can also deploy intelligent agents trained to interpret intent, reduce authentication friction, and trigger the right escalation—closing the gap between strict security and smooth journeys.

Key security journeys and pain points to watch for:

Authentication and Verification

• Are customers struggling with MFA steps or password resets?
• Do low-risk users face unnecessary hurdles, while high-risk scenarios lack sufficient checks?
• Is login abandonment or support call volume rising due to confusing or repetitive authentication?
• Can intelligent agents step in when customers get stuck (e.g., failed MFA, forgotten password), guiding them to the next best step without forcing a call to support?

Fraud Resolution

• Are fraud alerts reaching customers too late, or through channels they rarely check?
• Do legitimate transactions get blocked, causing frustration and extra support contacts?
• Is the process for confirming or denying suspicious activity slow or unclear?
• Are agents in place to interpret unstructured customer responses (like freeform replies instead of “1 = fraud / 2 = not fraud”) so intent is captured, security is maintained, and the journey keeps moving?

Account Recovery

• Are customers able to easily recover access after failed logins, lost devices or fraud holds?
• Is identity verification too complex, leading to abandoned recovery attempts?
• Do customers need to wait for live agents? Or can they resolve issues through self-service?

How CX and IT Teams Can Collaborate

• Jointly review journey analytics and customer feedback to pinpoint friction points.
• Map out the end-to-end experience for each security journey, highlighting where customers drop off or seek help.
• Work together to streamline authentication flows, personalize fraud alerts and expand self-service recovery options.
• Test changes and monitor impact—ensuring improvements reduce effort, increase trust and support business goals.
• Design intelligent agents together so they can interpret customer intent, resolve common access issues in real time, and escalate only when necessary.

An EHR Leader Delivers Frictionless Patient Portal Access With Fast OTP Delivery

A major U.S. electronic health records (EHR) software company needed to provide fast, secure access to patient portals, but without frustrating delays or increased security risk. The company’s previous SMS OTP authentication system was slow and unreliable, risking security and patient experience. The EHR company partnered with CSG to implement a custom built, HIPAA-compliant SMS OTP solution with an average OTP delivery time of less than 1.2 seconds (well below the 5-second industry benchmark). The solution enabled patients to access their accounts easily and securely, with fast, reliable authentication that didn’t add friction to the experience.

Strong Security, Easy Experience: Let CSG Help You Get It Right

Account security is a big deal—and sometimes a deal breaker. Businesses need to get account security “just right”—not too loose, not too tight—to combat security fatigue, protect sensitive data and retain customers. The good news? It’s often just a matter of smoothing out the CX edges that get left by a robust security protocol. Still, that’s easier said than done—unless you’re using the right customer engagement platform.