Navigating account logins can be an annoyingly complex process

In the year 2025, we've successfully mapped out the human genetic code and possess the ability to harness atomic power. Yet, the act of logging into various platforms remains a cumbersome task.

In the ever-evolving digital landscape, the process of logging into apps and websites has become more intricate and demanding due to heightened cybersecurity requirements. This complexity is a response to the increasing sophistication of cyber threats, diverse access patterns, and the need for stronger identity protections in an increasingly interconnected and cloud-based environment.

Evan Lahti, the editorial operations lead for PC Gamer worldwide, is at the helm of the PC Gaming Show, an annual E3 showcase event dedicated to PC gaming. Meanwhile, in the realm of cybersecurity, threats loom large. Oleg Naumenko, CEO and co-founder at Hideez, warns that gaming accounts, with their monetary value, are a prime target for account thieves.

One of the key factors contributing to this complexity is the rise in threat sophistication. Cyber attackers employ advanced techniques like multi-stage, obfuscated malware and AI-driven personalized attacks, easily bypassing traditional security tools. To counter these threats, organisations implement layered, adaptive defenses, adding friction to user login flows.

Multi-factor authentication (MFA) is a common example of this added security. While it enhances security by requiring extra verification steps, it also causes delays and requires context switching, especially on mobile devices with limited screen size and typing challenges. Sessions may also be managed inconsistently across devices, further complicating login experiences.

Cross-platform and device challenges also contribute to the complexity. Users interact with services via various devices, each with different authentication capabilities and varying password manager support. Synchronising login states and credentials reliably across these devices remains difficult, increasing login friction and user confusion.

Moreover, the increasing use of AI agents, cloud infrastructure, SaaS applications, and "non-human" identities has expanded attack surfaces and obscured threat context. To mitigate risks in this data complexity, firms layer additional security controls around identity and access management, increasing login process complexity.

Legacy systems and reactive security approaches further complicate matters. Many organisations rely on outdated defenses that fail against zero-day and stealthy malware attacks, necessitating continuous patching and integration of new security technologies.

Despite these challenges, there are solutions on the horizon. Passkeys, the latest invention of the cybersecurity sector, are password replacements that are more secure and theoretically a bit easier to use. However, they still require the step of authentication to another device.

The World Economic Forum claims that employees worldwide spend an average of 11 hours each year entering or resetting their passwords. The process of logging into a website on a mobile device may involve multiple steps, such as pulling up the website on the phone's browser, auto-filling passwords, and entering 2FA codes. Some websites may even ask users to retrieve a new email and click on a confirmation link to log in.

Anar Israfilov, CEO at Cyberoon Enterprise, explains that the "Remember me" feature in web or app logins is not permanent and depends on a browser cookie. However, your own settings can get in the way of the "Remember me" promise without your knowing it, because authentication cookies are not saved properly by certain browsers, expiration windows are short, or the code has bugs.
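
To make the cookie dependence concrete, the following added example (not from the article or anyone quoted in it) parses a `Set-Cookie` header and lists reasons a "Remember me" cookie would fail to persist. The cookie name `remember_me`, the 14-day minimum lifetime and the sample headers are assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, attrs); attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def lifetime_seconds(attrs, now):
    """Seconds until expiry; None for a session cookie. Max-Age beats Expires."""
    try:
        return int(attrs["max-age"])
    except (KeyError, ValueError):
        pass  # absent or invalid Max-Age: fall back to Expires
    try:
        return int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
    except (KeyError, TypeError, ValueError):
        return None  # no usable expiry, so the cookie is session-only

def diagnose(header, page_is_https=True, min_days=14, now=None):
    """List reasons this cookie would not keep a user logged in (min_days is an assumed policy)."""
    now = now or datetime.now(timezone.utc)
    _, attrs = parse_set_cookie(header)
    issues = []
    life = lifetime_seconds(attrs, now)
    if life is None:
        issues.append("session cookie: dropped when the browser closes")
    elif life <= 0:
        issues.append("already expired: deleted immediately")
    elif life < min_days * 86400:
        issues.append(f"short expiration window: {life // 3600}h")
    if "secure" in attrs and not page_is_https:
        issues.append("Secure cookie sent over http: not stored")
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        issues.append("SameSite=None without Secure: rejected by enforcing browsers")
    return issues

# Constructed sample headers (not taken from any real site).
SAMPLES = {
    "no_expiry": "remember_me=abc123; Path=/; HttpOnly; Secure",
    "one_hour": "remember_me=abc123; Max-Age=3600; Secure; HttpOnly",
    "bad_samesite": "remember_me=abc123; Max-Age=2592000; SameSite=None",
    "ok": "remember_me=abc123; Max-Age=2592000; Secure; SameSite=Lax",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, diagnose(header))
```
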

The concept of 'Zero Trust', which assumes users are malicious until proven otherwise and requires authentication steps like biometrics, verification codes, captchas, email confirmations, and other identity checks, has become mainstream in the tech industry.

However, there are legal restrictions on how long login details can be stored, particularly under GDPR or under US state laws such as California's CCPA. Logins are designed to mitigate attacks and social engineering that bad actors employ in 2025.

Roger Grimes, a data-driven defense evangelist at cybersecurity firm KnowBe4, states that every website is being forced to implement more login authentication checks due to growing attacks focused on authentication. Logging into apps or websites often requires a contorted, unpredictable dance of arbitrary tasks, email checking, and captchas.

In summary, the growing complexity and burden of logging in are the security industry’s response to more advanced cyber threats, diverse access patterns, and a need for stronger identity protections in an increasingly interconnected and cloud-based environment. While this complexity may be frustrating for users, it is a necessary measure to protect our digital assets in the face of ever-evolving cyber threats.

  1. Evan Lahti, in charge of the PC Gaming Show, confronts the cybersecurity issues that plague the gaming world, as Oleg Naumenko, the CEO of Hideez, alerts about the potential theft of gaming accounts due to their monetary value.
  2. One method used by organizations to counter the increase in sophisticated threats is implementing layered, adaptive defenses, which incorporate multi-factor authentication (MFA) to enhance security, leading to user delays and context switching, particularly on mobile devices.
  3. The rise in AI agents, cloud infrastructure, SaaS applications, and "non-human" identities has expanded attack surfaces and often obscured threat context, prompting the addition of extra security controls around identity and access management, further complicating the login process.
  4. Despite these challenges, innovative solutions such as passkeys, which are password replacements designed to be more secure, are being developed. However, they still require the step of authentication to another device.
  5. Legal restrictions, such as those under GDPR or under US state laws such as California's CCPA, place limitations on how long login details can be stored, adding another layer of complexity to the login process and the protection of our digital assets.
