A recent whitepaper revealed that employees spend 11 hours a year resetting their passwords. For organisations with 15,000 employees, this represents a productivity loss of $5.2 million. The average cost of a password reset request is $30-$70. Annually, this translates to total IT helpdesk staffing costs of $1 million.
Passwordless authentication helps reduce these costs.
But by how much?
What does passwordless authentication cost? Is it lower or higher than the cost of password-based authentication?
Password-based Authentication: Risks and Costs
Passwordless authentication is a way to verify a user’s identity without requiring them to type a password. Authentication is based on “possession factors” like a hardware cryptographic device and “inherence factors” like fingerprints or facial scans.
Password-based Security Risks
With traditional systems that rely on “knowledge factors” like passwords, there’s no way for the user (or enterprise) to know whether their memorised secret is safe from theft or compromise and, more importantly, whether it has already been compromised. This risk to user and enterprise security is one of the biggest drawbacks of these systems.
IDEE’s 2021 IAM Risk Calculator provides an easy way for organisations to calculate this risk, based on factors like authentication method used, additional controls implemented, etc.
So, for an organisation that:
- Identifies users at registration via email addresses,
- Authenticates them via passwords,
- Enforces a strong password policy,
- Relies on the Helpdesk for Account Management
the security risk is very high.
In short, passwords = very high risk.
In addition to weakening the security posture, passwords are also problematic in other ways. They require constant handling and management by both users and IT Helpdesks. This not only increases costs, but also affects productivity.
Password-based Security Costs
IDEE’s Cost Calculator helps organisations simulate the costs of password-based authentication.
So, if they have:
- 3000 users
- 10 helpdesk requests per employee per year at an average cost of €30 per request
- 254 working days
- 1 incident per year (requiring a password reset),
they will incur:
- Helpdesk cost for password resets: €900,000
- Annual cost of password data entry: €352,500
- Annual cost of time spent on password resets: €8,326
- Annual maintenance cost of Multi-factor Authentication (MFA): €169,920
- Annual cost of time spent on password resets after an incident: €210,000,
for a total cost of €1,640,746.
That’s over 1 million Euros spent (wasted) on password-related expenses.
Additionally, passwords also increase the cost of mitigating a data breach. In 2020, this figure was $3.86 million globally – not a small amount by any means.
Passwordless Cost vs Benefits
What about passwordless costs?
How do they compare to the costs of password-based authentication?
One passwordless cost comes from the additional hardware that may be required for authentication. For instance, WebAuthn (FIDO2) authentication uses a secure hardware module or security key. If the module is not already built in, a separate device may be required. But if it is built in, this cost is zero. Moreover, the advantages of strong security, reliable authentication and protection from phishing, account takeovers and other issues more than make up for this small cost.
What about passwordless cost for software-based authentication? Using passwordless authentication based on a smartphone is even more affordable, since no additional security device is required. Moreover, a smartphone is a ubiquitous and low-friction way to implement passwordless authentication for both the enterprise and users.
With “completely passwordless” authentication, there’s minimal or no maintenance effort or cost. Compare this to password-based authentication where users maintain passwords, and the organisation maintains password renewal, reset and recovery systems. They must also invest in tools to protect passwords from compromise by bad actors.
All in all, passwordless cost is much lower than the cost of password-based systems. Plus, it’s easily outweighed by its many benefits.
In a recent study, 69% of users said that passwordless authentication provides strong security. This is because it’s based on multiple strong factors, not weak memorised secrets that can be easily re-used, stolen or compromised. Passwordless authentication minimises the likelihood (and costs) of, or outright prevents, many of the threats observed in 2020:
- Over 80% of cyber breaches caused by passwords
- Over 28% of attacks caused by insiders
- 12% of breaches involving privilege misuse
Further, it eliminates the need for password resets, which helps save time for both users and Helpdesk teams, reduces expenses, and increases productivity. It also enables the organisation to:
- Accelerate innovation
- Gain a competitive edge
- Protect its reputation, and
- Maintain regulatory compliance
And last but not least, passwordless authentication offers better user experiences, so employees will actually use the system, instead of looking for “shortcuts” that introduce security risks.
All in all, the cost of passwordless authentication is easily outweighed by the cybersecurity risks, financial costs and productivity losses common with password-based systems.
About the Author
Proudly made in Germany, IDEE’s AuthN™ is a truly passwordless, zero-trust authentication and authorization service for today’s organisations. AuthN removes all password-related threats to increase security, simplify auditing and compliance, and reduce the immense pressure on IT budgets. With IDEE AuthN, your organisation can seamlessly transition to passwordless login, and leap ahead of bad actors looking to harm you. That’s why AuthN is trusted by CIOs and IAM experts alike.