Password resets are not only a security problem, but they also lead to financial costs and lost productivity due to the resources required to complete them.
Password resets refer to invalidating a current account password and creating a new one. At an organisation, password resets typically occur because employees have forgotten their passwords and can't log into the accounts they need to do their jobs. Their organisation may also have a mandatory policy that requires passwords be changed every 30-90 days.
The helpdesk is responsible for assisting users at an organisation with technology issues – including password resets, which are one of the common requests they receive. Because resets are so common, they are a frequent target for cybercriminals. Without password management, password resets are a serious vulnerability that can be costly.
Forrester Research found that the cost of each individual password reset is $70. This can add up to thousands or millions of dollars per year, depending on the size of an organisation. One study found corporations can spend an average of $5.2 million per year on password resets. However, this is only the hard cost associated with a password reset. There are also other associated costs, known as soft costs, which are the sum of the wide-reaching ripple effects of password resets within organisations.
Your IT support team could spend their time on improving admin infrastructure, system hardening and more. Instead, they spend up to half their workday helping employees reset passwords. While employees wait for a password reset, they are prevented from working since they can’t get into their accounts. Password resets reduce productivity for both your helpdesk and other employees, which delays profitable projects.
Continuous and time-consuming password resets can harm your employees’ password management habits. Employees frustrated by forgetting their password may resort to reusing passwords, using dictionary words and personal details like birthdays in their passwords or using short passwords. These are all bad habits that put organisations at risk of attacks by cybercriminals that lead to data breaches.
Mandatory password resets also leave organisations vulnerable. Often with these kinds of password resets, employees just add a number or character to their existing password. This increases risk because cybercriminals often try password variations during credential stuffing attacks.
On average, a data breach costs a company $4.35 million. Since over 80% of data breaches are caused by weak passwords, efficient password management that prevents resets and the use of weak passwords is vital to protect against cyberthreats.
With a password manager, employees no longer need to rely on themselves to remember their passwords, since the password manager securely stores them all. This not only reduces the number of helpdesk tickets for forgotten passwords, but also allows employees to focus on their jobs rather than wasting time trying to get into their accounts – improving overall productivity.
With password management, organisations can address risks associated with poor password practices and human error. A good password manager seamlessly integrates best cybersecurity practices with the everyday workflow of employees and makes it easy for IT to enforce strong password requirements.
Rotating passwords for high-risk credentials takes hours, especially for IT professionals working with complex enterprise systems. Automated password rotation reduces the time spent on this tedious work, freeing IT professionals to work on projects that generate more value.
The global cyber insurance market is expected to become a $20 billion industry by 2025. In other words, cyber insurance is expensive in a landscape with increasing threats. Cyber insurers charge premiums based on an organisation's attack surface and cybersecurity practices. Password management can be a positive factor in getting a reduced premium. Cyber insurers may also refuse to cover the costs of attacks caused by not using industry-standard cybersecurity practices, such as proper enterprise password management.