And how you can reduce those costs.
In the world of authentication, passwords cost companies a lot of money.
Here's an example. If you make your employees use passwords, you will probably also ask them to change them regularly. Say, every 90 days.
This makes four times a year that I as an employee would typically change it. And four times a year, I’d forget it. But I’m getting ahead of myself. Ignore this part for now.
Hi, I'm Vita Moskaliova, Field Integration Engineer and Customer Support Specialist at Identité. Let’s see together how much changing/resetting a password costs your company. Or better say – how much is it to unlock a security key – the way we, cyber security and passwordless MFA guys call it.
How much does it cost to change a password for a company per employee?
If I have to change my password, it takes on average about 15 minutes away from my work time, each time.
So, four times a year, that's one hour of my time. Now – and it's different across the world – but in the United States the average cost of a worker is about $50 an hour (and €31 for EU, for example).
The numbers vary across the industries but it's safe to say $50 for every password reset.
So, let's just say there's a group of passwords that you're going to change four times a year. Which translates into the following numbers:
For a company with 150 employees – $50 x 150 = $7,500
For a company with 350 employees – $17,500
For a company with 500 employees – $25,000
For a company with 1000 employees – $50,000
That's one password cost.
I mentioned forgetting passwords – which requires a password reset.
Okay, let’s admit that each time after changing your employees’ passwords they will likely forget a couple of them. Usually we do it much, much more frequently (51% of us users forget their password at least once a month), but that’s a whole different story.
Internally, there would be a help desk that people would typically call into to get that password reset. Well, on average, every call to the help desk can cost over $86, according to Forrester.
So if your employees forget their password twice a year, that's 172 more dollars of average cost of password reset. Now we're up to passwords that are costing you probably $222 a year for using them.
Employees find ways to make password management easier – but put your company at risk!
Frequent password change and complex password policies result in, according to Keeper Security Workplace Password Malpractice Report 2021:
Keeping new password in a text message or email on some other device (62%)
Saving new password in an unprotected document (49%)
Writing the password on a sticky note and pinning it to the desktop (57%), like the guy from the Hawaii’s Emergency Management Agency did.
Source: Daily Mail
What if we removed the password?
What would it cost me to remove the password?
Ah, glad you asked because it only costs you $24 a year in our passwordless MFA Workforce subscription per employee.
You're saving $198.
If you change or reset your passwords more frequently, the savings will be higher.
Some corporate security policies advise 60 and even 30-day password expiration periods. I’ll do some simple maths for you:
Savings for a 60-day password expiration period: $247 - $24 = $223
Savings for a 30-day password expiration period: $322 - $24 = $298
At this, we assume that only the amount of time away from work has changed, which is 15 min for every password change. We still assume that the users will forget their passwords and contact the help desk only twice a year ($86 x 2).
By the way, if you still insist that your staff should change their passwords 3-6 times a year and more, maybe this is the sign to reconsider your security approach. Frequent password changes are considered bad practice now, according to NIST. See below:
With our Passwordless MFA solution you save yourself time, money and efforts on keeping your employees and data safe.
Comments