Password Resets Are The Biggest Problem Your Company’s Not Facing
In the mad scramble to get situated and set up for remote work, there’s something that your help desk is painfully aware of and you may not be.
They’re tiny, silly little things on the surface. You reset your password for various websites, forums, or social media accounts all the time. How can it be that bad at work?
The answer is that they’re a significant hidden risk to your organization - as both a money drain and major cybersecurity concern.
How Much Do Password Resets Really Cost?
There’s multiple studies that indicate password resets can cost about $70 per reset, with overall password management being somewhere north of $300 per user per year. This cost isn’t necessarily an across-the-board calculation you can make based on software or expense reports. The cost is more insidious and harder to measure.
The real cost of password resets lies in areas such as overhead costs for your employees, lost productivity, and the cybersecurity risks you’re allowing in your organization by trying to make it as easy as possible for your helpdesk to reset passwords in the first place.
While the general cost in employee labor and lost productivity is a common theme when trying to make the case for replacing passwords with something you can’t forget (such as biometrics), the cybersecurity element can’t be overlooked.
Password Resets and Cybersecurity
What are you sacrificing by trying to make the password reset process easier? Have you chosen a ticketing system to help streamline things for your IT team, adding a layer of bureaucracy to your reset process? If each reset requires a ticket, that requires the user remembering how (and your helpdesk can probably tell you how good your users are at submitting tickets correctly), or even having to bypass the system entirely if they’ve managed to get locked out of their workstation. That type of bypassing makes for poor cybersecurity awareness, and works against a culture of security that you should be building into your organization.
Maybe instead, to make it easier for users to reset their own passwords, you might have changed settings on certain security parameters to lighten the load for your IT team. The settings you change, or the process you tinker with to make it easier for your end user, also makes it easier for a bad actor to gain access to your system.
If you’ve missed the memo to enable two-factor authentication, access to your systems is just one reset password away from someone determined to get in. Even two-factor authentication isn’t enough of a security feature anymore - as numerous recent high-profile hacks have demonstrated. Twitter’s recent hack of numerous high profile accounts included resetting the passwords of 45 accounts!
There’s an Easy Solution: Biometric MFA
For many users, multi factor authentication (MFA) is viewed as adding more friction to a login process, not less.
That’s where using a biometric MFA solution, such as GoVerifyID, proves that wrong. By replacing passwords with a biometric login, your users start with a process they’re familiar with - entering their username to access a workstation, business system, or software. Instead of a password, they use a biometric measurement: palm scan, voice recognition, fingerprint, or facial authentication. For high stakes access, such as money transfers, confidential information, or HIPAA protected data, the user can be prompted to enter two biometrics, rather than just one.
The real upside is that there’s no password to forget. No password to reset. Not only is the login process itself more secure by drastically increasing the difficulty of attempting to hack in, but the entire password reset risk has been mitigated.
It’s so easy and quick to install that we showcased the entire process from installation, enrollment, and deployment in a 30 minute webinar. Register here to see for yourself how easily you could be replacing passwords in your organization right now.