Password-based authentication has always been a sore topic in enterprise cybersecurity. Passwords are inconvenient and hard to remember; this often leads employees to develop lousy password hygiene, using weak, easy-to-remember words or the same password across multiple online accounts.
Major Cause of Enterprise Data Breaches
Another too-oft-repeated no-no with passwords is writing them down in post-it notes, or storing them in insecure computer files. This practice sets the person up for the big issue of weak and stolen passwords to happen.
To prevent this issue, enterprises are fond of mandating different, more complex passwords for other online accounts.
When this is combined with the need to regularly change these passwords according to set data security suggestions and guidelines, passwords become too complex for employees to remember, and when they inevitably forget, employees tend to do what they see the most as a solution — and they call the help desk.
Forgetting a password is by far one of the most common reasons people reach out to the help desk.
The help desk is contacted all the time, regarding password issues. According to SLACK, help desks receive over 20 calls per user on average per year. A Gartner report also revealed that over 40% of all help desk tickets are related to password resets.
Employees and customers of an organization tend to see the help desk as the easiest and most efficient way to solve their problems regarding forgotten passwords or the need to change them rather than going through the inconvenient task of trying to remember them.
Lack of education (both technological and general) can mean that some users will still see a help desk call as the easiest and quickest way to solve their password-related problems.
Password resets may seem like an easy task, but it’s not a simple two-minute fix.
Instead, employees must contact the help desk and may be forced to wait for an extended time to resolve the issue. In addition, during help desk non-working hours, employees may be locked out of enterprise applications or tools, which means enterprise employees may be rendered unproductive for hours.
While employees wait for password resets, enterprises not only lose a lot of time that would have been otherwise used to be productive, but they also lose a lot of money.
On average, it costs enterprises $70 for every password reset; this adds up over time, costing enterprises a lot because of how employees forget their passwords and require a reset, with over half of users admitting to forgetting their passwords frequently.
It’s not hard to see that passwords and password reset calls have become a significant source of productivity loss for many organizations.
A survey of 600 IT professionals revealed that 36.7% of US and 60% of UK companies have over 25 apps that require passwords; because of how numerous these passwords are, employees are bound to forget, this ends up costing enterprises 2.5 months of lost productivity a year on password resets.
Training Employees to Password Change Themselves
A standard solution for the debacle of help desk calls is giving employees and business customers the ability to reset passwords entirely by themselves without calling the help desk through Self-service Password Reset Software (SSPR).
Much as the name implies, an SSPR solution gives employees the ability to securely unlock their accounts and reset their passwords without the need to contact the help desk.
It delegates the task back to the user using a self-service workflow, thus relieving the burden of password resets from help desk calls. Many companies have started using this in recent times, as it dramatically reduces the number of help desk calls, saves time, and improves overall company efficiency.
Yes, Your Password Security is Easy to Intercept
However, the problem with passwords goes far beyond just help desk calls; passwords render enterprise security weak because they are just too easy to hack or intercept. Therefore, this quick and easy solution only addresses the problem of help desk calls without considering that passwords are insecure by their very nature.
Eliminating Passwords
The writing is on the wall: for businesses and enterprises to successfully increase employee efficiency, reduce cost, and eliminate the mundane tasks that plague help desk calls while improving security. Businesses will want to completely stop traditional means of authentication like passwords.
Replace Passwords with Secure Means of Authentication
SSPR may improve a few areas – reducing cost and improving efficiency, but it doesn’t quite deliver like passwordless technology, which has the added advantage of removing passwords.
Passwordless technology, by eliminating passwords, vastly improves ease of use and security and eliminates the habits that lead to employees developing bad password hygiene, which is creating and remembering various complex passwords for different online accounts.
Passwordless Technology as a Solution
Instead of verifying users’ identities and granting user access with passwords, passwordless technology considers two main factors. These factors are: who employees are (biometric technology like face, iris, or fingerprint scanning technology) and what they have (mobile number, key card, and access token/badge).
Passwordless technology allows desk teams to focus on essential and more worthwhile tasks.
Different passwordless authentication technologies may take different verification approaches; however, they all have one thing in common — they don’t store employee data within a system. Not keeping vital data in the system is what makes passwordless technology inherently more secure than traditional and password-based security technology.
Passwordless authentication solves the issues that SSPR targets.
Because of its benefits, passwordless technology has seen increased adoption in recent years. A 2021 survey showed that cost savings, preventing credential theft and phishing, and user experience were the main reasons respondents chose to deploy passwordless technology across their organizations.
Passwordless technology also decentralizes the authentication process.
Rather than storing users’ credentials and passwords on servers, passwordless technology works by using private keys generated from and stored on employees’ devices, thus making it harder for hackers to breach and guarantee maximum security.
The Negative Effects of Passwords
Whenever the adverse effects of passwords are discussed, it’s easy to view it as negatively affecting enterprise cybersecurity. However, the problem of forgotten passwords goes beyond that — passwords reduce employee productivity, burden help desks, and cost enterprises a lot of money.
Today, passwords serve as one of the leading causes of security breaches. But, unfortunately, password fatigue and reuse still plague the cybersecurity industry.
The clamor to altogether remove passwords from organizations and services has been long overdue.
In recent years, the voices are growing in volume and number, primarily as over 80% of data breaches are caused by weak or stolen passwords.
With almost half of help desk calls being wasted on mundane, unnecessary tasks like password resets, it is easy to see why employees and help desk centers are frustrated.
Conclusion
Passwords need to be eliminated so that help desk employees and IT teams will be granted the freedom and time to solve more tasking, interesting, and essential matters.
With more modern passwordless technology, there is no better time to eliminate the time-consuming and costly ordeal of password resets and using passwords altogether than now.
Image Credit: George Milton; Pexels; Thank you!