Knock, knock. Who's there? Touch ID. Again. Picture this: you're working in your terminal, pulling secrets from 1Password with op read . You need the Linear API key. Touch ID. The OpenRouter one. Touch ID. The Gitea token. Touch ID. In half an hour it asked for my finger fourteen times. You know what happens when a security tool interrupts you fourteen times in thirty minutes? By the fifth prompt, you're no longer reading what it's asking for. You place your finger reflexively. "Yes, whatever, let me work." And that's exactly where security falls apart. Auth fatigue: the problem nobody wants to acknowledge This has a name in security circles: authorization fatigue . It's not a new concept. It's the same principle used in MFA fatigue attacks: bombard the user with authorization requests until they approve one out of sheer exhaustion. In 2022, a 17-year-old breached Uber's internal systems exactly this way.…