“The password you have entered isn’t correct. Please try again.”
A message that doesn’t fail to cause a sinking feeling in even the strongest of stomachs.
Forgetting a password is easily done and is not by any means limited to the forgetful of the population. These days we are hyper-conscious of password security. Trying to remember which password we have used for which account is one thing, but we are often faced with the additional challenge of trying to remember where we put the random capital letters and special characters.
Becoming locked out of a personal account elicits dread, and often the tedious process of reliving our childhood to remember the names of long dead but not forgotten pets, and jumping through a multitude of other hoops in order to verify that we are in actual fact ourselves, who have just forgotten the all-important password.
But becoming locked out of a business account is so much worse – simply by principle, the security is often much higher – so getting back in is not so easy.
Passwords are a gateway to corporate data and are always under risk of cyber-attacks. Protective measures against these potential attacks are a high priority and can often result in increasingly complex password rules, guidelines and structures. Rules that dictate the minimum length, complexity and types of characters used are commonplace. Additional guidelines can influence how often they are changed, used and even stored all to maintain the integrity of the information they protect. Typically, a corporate password policy will define strong passwords as long, complex, never before used and changed periodically. All ingredients for a password that can be easily forgotten by an end-user.
Forgotten passwords and frozen accounts are an inescapable occurrence within Enterprise organisations, with the resulting impact and cost being significant.
Gartner found that between 20-50% of all helpdesk calls are password related, with the time spent on resolving these issues ranging from between 2 and 30 minutes. A password-related issue can be a continual drain on employee and administrative resources. As the productivity of one is stunted for just as long as their access to their account is, the productivity of the tech team is diverted to password resets from other potentially more beneficial IT projects. Forrester found that the cost to an organisation of resetting a password was £50. Multiplying that by the number employees in your organisation, and the typical number of resets in a year, can quickly create some eye watering costs - and that's not factoring in the downtime for end-users, another significant cost.
Passwords as a method of authentication are not going to disappear in the near future and are more likely to grow increasingly complex as organisations look to increase identity assurance for access to corporate data. As complex passwords are here to stay, it's inevitable that end-users will forget them - creating downtime for themselves and cost for IT helpdesks who are required to reset internal passwords, such as Active Directory.
Finding a solution to this problem is often a cause for concern for many organisations. However, the problem can be solved by implementing two measures:
- Remove the need for end-users to manage, type or even know the passwords required to access applications by implementing Single Sign-On
- For the passwords they do have to remember, e.g. Active Directory, implement self-service password reset, enabling end-users to reset their AD password, removing the burden from the IT helpdesk.
Password-related costs for a 1,000 user organisation can amount to around £300,000 each and every year. But, just how much are forgotten passwords and reduced productivity costing your organisation?
Check out the ROI Calculator below to find out how much password-related problems are costing your company. You can download the ROI calculator here or by clicking the Free Download button below.