One of the most common tasks IT service and help desks carry out is resetting user passwords.
Unfortunately, despite it being an easy task, it’s both tedious for IT staff and incredibly costly to a company. Passwords remain the core authentication method for many businesses, so this issue is a top priority.
Why are account lockouts and password resets so common?
What are the costs of password resets?
While a simple password reset seems like a trivial matter, the costs are high. Several studies have shown that upwards of half of all service desk calls are related to password resets, and each of these calls costs money—sometimes upwards of $70 for a single reset. This is a combination of IT staff time, resources, and:
Each time a user takes time to reset a password (a process which might involve stalling out on a project, calling a help desk, waiting on hold, waiting for a reset, choosing a new password, and then logging back in), they are on the company’s dollar and not being productive in a measurable way. In fact, Forrester’s researchers found that employees spend an average of eleven hours a year trying to remember their passwords and getting them reset. Scale those lost hours across a company of hundreds or thousands of people, and you’re at literal millions of dollars of lost revenue.
While not every company uses e-commerce, the ones that do have noticed sharp effects when it comes to password resets and abandoning a high-value e-cart. Added friction when purchasing, whether creating a password for the first time or resetting one because the user forgot it, dramatically increases the likelihood that a purchase won’t be made at all.
What can companies do to reduce lockouts and costs?
It’s no secret that passwords are a massive security concern for organizations of all sizes.
Before a password can be changed for an end-user, their identity needs to be verified, because the account must be kept secure. Businesses must remain on high alert for social engineering tactics and find a secondary way of confirming a user’s identity. Staff often walk through security questions or ask for other authentication codes to double-check that the user is in fact the owner of the account.
Verizon’s 2022 DBIR found that compromised credentials are the source of almost 90% of data breaches in some way. Breaches, ransomware, and phishing attacks can have massive repercussions for companies, from reputational damage and lost revenue all the way to financial ruin.
Better password security and hygiene are among the fastest ways to reduce the number of resets that need to occur per employee per year.
Following NIST password guidelines can be a good starting place: