Source: Pexels
Password-based authentication has always been a sore topic in enterprise cybersecurity. Passwords are inconvenient and hard to remember, this often leads employees to develop bad password hygiene; using weak, easy to remember or the same password across multiple online accounts, writing them down in post-it notes, or storing them in insecure computer files – this has become a big issue, as weak or stolen passwords happen to be the major cause of enterprise data breaches.
In order to prevent this issue, enterprises are fond of mandating the use of different, more complex passwords for different online accounts. When this is combined with the need to regularly change these passwords according to set data security suggestions and guidelines, passwords become too hard for employees to remember, and when they inevitably forget, employees, tend to do what they see the most as a solution – call the help desk.
Forgetting a password is by far one of the most common reasons people reach out to the help desk. The help desk is contacted all the time, regarding password issues. According to META Group, help desks receive over 20 calls per user on average, per year. A Gartner report also revealed that over 40% of all help desk tickets are related to password resets.
Employees and customers of an organization tend to see the help desk as the easiest and most efficient way to solve their problems regarding forgotten passwords or the need to change them rather than going through the inconvenient task of trying to remember them. Lack of education (both technological and general) can mean that some users will still see a help desk call as the easiest and quickest way to solve their password-related problems.
Password resets may sound and seem like an easy task but it’s not a simple 2-minutes fix. Instead, employees must contact the help desk and may be forced to wait for a long period of time to get the issue resolved. In addition, during help desk non-working hours, employees may be locked out of enterprise applications or tools, which means enterprise employees may be rendered unproductive for hours.
While employees wait for password resets, enterprises not only lose a lot of time that would have been otherwise used to be productive but they also lose a lot of money. On average, it costs enterprises $70 for every password reset; this adds up over time, costing enterprises a lot because of how employees forget their passwords and require a reset, with over half of users admitting to forgetting their passwords frequently.
It’s not hard to see that passwords and password reset calls have become a major source of productivity loss for many organizations. A survey of 600 IT professionals revealed that 36.7% of US and 60% of UK companies have over 25 apps that require passwords, because of how numerous these passwords are, employees are bound to forget, this ends up costing enterprises 2.5 months of lost productivity a year on password resets.
Training Employees to Do It Themselves
A common solution for the debacle that is help desk calls is giving employees and business customers the ability to reset passwords entirely by themselves without the need to call the help desk through Self-service Password Reset Software (SSPR). Much as the name implies, an SSPR solution gives employees the ability to securely unlock their accounts and reset their passwords without the need of contacting the help desk.
It delegates the task back to the user using a self-service workflow thus relieving the burden of password resets from help desk calls. Many companies have started using this in recent times, as it greatly reduces the number of help desk calls, saves time, and improves overall company efficiency.
However, the problem with passwords goes far beyond just help desk calls; passwords render enterprise security weak because they are just too easy to hack or intercept. This quick and easy solution only addresses the problem of help desk calls without taking into account that passwords are insecure by their very nature.
Eliminating Passwords
The writing is on the wall: in order for businesses and enterprises to successfully increase employee efficiency, reduce cost, and eliminate the mundane tasks that plague help desk calls while improving security, they’ll need to completely eliminate traditional means of authentication like passwords and replace them entirely with modern, more secure means of authentication.
SSPR may improve a few areas – reducing cost and improving efficiency, but it doesn't quite deliver like passwordless technology, which has the added advantage of removing passwords. Passwordless technology, by eliminating passwords, not only vastly improves ease of use and security, but it also eliminates the habits that lead to employees developing bad password hygiene; creating and remembering various complex passwords for different online accounts.
Instead of verifying users’ identities and granting user access with the use of passwords, passwordless technology takes into account two main factors: who employees are (biometric technology like face, iris, or fingerprint scanning technology) and what they have (mobile number, key card, and access token/badge). By doing this, passwordless technology allows desk teams to focus on important and more worthwhile tasks.
Different passwordless authentication technology may take different approaches in verifying users; however, they all have one thing in common – they don't store employee data within a system, this is what makes passwordless technology inherently more secure than traditional and password-based security technology.
Passwordless authentication solves the issues that SSPR targets and more. Because of its benefits, passwordless technology has seen increased adoption in recent years, with a 2021 survey showed that cost savings, putting a stop to credential theft and phishing, and user experience were the main reasons respondents chose to deploy passwordless technology across their organizations.
Passwordless technology also decentralizes the authentication process. Rather than storing users' credentials and passwords on servers, passwordless technology works by using private keys generated from and stored on employees’ devices thus making it harder for hackers to breach and guaranteeing maximum security.
Conclusion
Whenever the negative effects of passwords are discussed, it’s easy to only view it as negatively affecting enterprise cybersecurity. However, the problem of forgotten passwords goes beyond that – passwords reduce employee productivity, burden help desks, and cost enterprises a lot of money.
Today, passwords serve as one of the main causes of security breaches, as password fatigue and reuse still plague the cybersecurity industry. The clamor to completely remove passwords from organizations and services has been long overdue. The voices are growing in volume and number in recent years, especially as over 80% of data breaches are caused by weak or stolen passwords.
With almost half of help desk calls being wasted on mundane, unnecessary tasks like password resets, it is easy to see why employees and help desk centers are frustrated. Passwords need to be eliminated so that help desk employees and IT teams will be granted the freedom and time to solve more tasking, interesting, and important matters. And with more modern passwordless technology, there is no better time to eliminate the time-consuming and costly ordeal of password resets and of using passwords altogether than now!