January 23, 2025
The True Cost of Password Resets
Password resets are a common but costly aspect of IT operations in large organizations, with both tangible and intangible costs. Tangibly, each manual reset costs about $70, factoring in labor, productivity loss, and necessary tools, leading to significant annual expenses in larger organizations. Intangibly, costs include employee frustration, IT burnout, and increased security risks. Self-service password reset (SSPR) software can alleviate these issues by allowing employees to reset passwords independently, saving time and reducing costs.

In large organizations, password resets are an unavoidable part of IT operations. However, what often gets overlooked is the actual cost—both tangible and intangible—associated with manual password resets. While it may seem like a minor administrative task, its cumulative impact on productivity, IT resources, and employee satisfaction can be significant.

The Hidden Costs of Manual Password Resets

Tangible Costs

The most immediate and measurable cost of a password reset is the time spent by IT staff. Gartner estimates that the average cost of a manual password reset is approximately $70 and includes:

1. Labor Costs: The time IT support staff spend handling each reset request.

2. Operational Downtime: The loss of productivity experienced by the employee waiting to complete the password reset.

3. Infrastructure and Tools: Any specialized tools or systems IT uses to process these resets.

Intangible Costs

Beyond the direct monetary expense, there are other harder-to-quantify costs:

1. Employee Frustration: Employees unable to access systems face interruptions that can derail their workflow.

2. IT Burnout: Handling repetitive tasks like password resets can lead to disengagement and burnout among IT support staff.

3. Security Risks: Frequent resets handled manually increase the chance of human error or insecure practices, such as improperly verifying a user's identity.

When scaled to a large organization, the cumulative effect of these costs is staggering. Consider an organization with 1,000 employees requiring an average of two yearly resets. At $70 per reset, that's $140,000 annually, not including intangible costs.

The Solution: Self-Service Password Reset Software

Self-service password reset (SSPR) software offers a way to mitigate these costs. Organizations can save time and money by enabling employees to reset their passwords without involving IT.

The SSPR Advantage

With our LogonBox SSPR solution, we've helped organizations save significant time and resources. For example, one organization using LogonBox SSPR achieved the following:

- Resets Per Year: 3,912

- Hours Saved: 652

Let's break down the savings. If the cost of a manual reset is $70, the total annual cost without SSPR would have been:

3,912 × $70 = $273,840

With 652 hours saved, assuming an IT staff hourly rate of $40, the organization saved:

652 × $40 = $26,080

In this example, the adoption of LogonBox SSPR saved the organization nearly $300,000 a year, factoring in direct reset costs and reclaimed IT hours.

Factors to Consider When Implementing SSPR

While password reset software offers significant advantages, it's not a panacea. Organizations need to consider several factors to ensure successful implementation:

1. Enrollment Process: Some SSPR solutions require users to enroll in advance. Enrollment can be a barrier if users must remember to enroll or find the process cumbersome.

2. Ease of Use: The software must be intuitive and accessible. Complicated reset procedures can negate the intended benefits.

3. Security: Balancing ease of access with robust security measures is crucial. Ensure the solution incorporates strong authentication mechanisms to prevent misuse.

4. Deployment and Integration: The software should integrate seamlessly with existing systems, minimizing disruptions during deployment.

Features to Look for in Self-Service Password Reset Software

When selecting SSPR software, organizations should prioritize the following features to maximize efficiency and security:

  1. Modern Authentication Methods:
    • FIDO2: Passwordless authentication using secure hardware keys or biometric devices.
    • Passkeys: A simplified yet secure authentication method tied to user devices.
    • Phishing-Resistant MFA: Multi-factor authentication methods immune to phishing attacks, such as app-based push notifications or hardware tokens.
  2. User Experience:
    • An intuitive interface that makes it easy for employees to reset passwords without training.
    • Multi-language support for global organizations.
  3. No Enrollment Requirement:
    • Solutions that do not require users to pre-enroll eliminate barriers and ensure all employees can benefit immediately.
  4. Security Features:
    • Strong identity verification mechanisms, such as biometric checks or secure links.
    • Detailed logging and audit trails to track reset activity and detect anomalies.
  5. Integration and Scalability:
    • Compatibility with existing identity management systems and directory services.
    • The ability to scale with organizational growth.

Potential Security Risks and Mitigation Strategies

While self-service password reset software offers many advantages, it is not without risks. Organizations should be aware of these potential security challenges:

  1. Unauthorized Access:
    • If authentication methods are weak, malicious actors could exploit the reset process to gain unauthorized access.
    • Mitigation: Implement strong authentication methods such as FIDO2, biometrics, and phishing-resistant MFA.
  2. Phishing Attacks:
    • Attackers may attempt to spoof the reset interface to steal user credentials.
    • Mitigation: Use secure links with expiration times and educate employees about recognizing phishing attempts.
  3. System Misconfiguration:
    • Improperly configured software can expose vulnerabilities or fail to enforce security policies.
    • Mitigation: Regularly audit system configurations and ensure alignment with organizational security policies.
  4. Data Breaches:
    • Sensitive information related to resets, such as answers to security questions, could be exposed if not adequately secured.
    • Mitigation: Avoid using traditional security questions and store reset data in encrypted formats.
  5. User Error:
    • Employees may inadvertently misuse the system, leading to potential security lapses.
    • Mitigation: Provide user training and an intuitive interface to minimize errors.

By understanding and addressing these risks, organizations can deploy SSPR solutions confidently, ensuring both convenience and security.
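The "secure links with expiration times", hashed storage of reset data and audit-trail points above can be combined in one small component. The following Python sketch is an added example, not LogonBox code: the `ResetLinkStore` class, its event names, the 15-minute lifetime and the `sspr.example.test` host are all assumptions made for illustration.

```python
import hashlib
import secrets
import time


class ResetLinkStore:
    """In-memory stand-in for the table of pending resets (hypothetical)."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self._ttl = ttl_seconds          # assumed policy: links live 15 minutes
        self._clock = clock              # injectable so expiry can be tested
        self._pending = {}               # sha256(token) -> (user, expires_at)
        self.audit = []                  # (timestamp, event, user) tuples

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table yields no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def _log(self, event, user):
        self.audit.append((self._clock(), event, user))

    def issue(self, user):
        # A new request invalidates any earlier link for the same user.
        self._pending = {d: r for d, r in self._pending.items() if r[0] != user}
        token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (user, self._clock() + self._ttl)
        self._log("issued", user)
        return f"https://sspr.example.test/reset?token={token}"  # placeholder host

    def redeem(self, token):
        # pop() makes the link single-use whether or not it has expired.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            self._log("rejected_unknown_or_reused", None)
            return None
        user, expires_at = record
        if self._clock() > expires_at:
            self._log("rejected_expired", user)
            return None
        self._log("redeemed", user)
        return user              # caller may now let this user set a new password
```

Repeated `rejected_*` events in the audit list are the kind of anomaly the logging feature is meant to surface.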

Why No-Enrollment Solutions Are Better

No-enrollment does come at a potential security cost. For example, no-enrollment systems generally gather information from the user directory, like mobile telephone numbers and email addresses. However, don't discount these systems if you have non-technical users.

One critical aspect is whether the software requires prior enrollment. Solutions like 2FA Express, which eliminate the need for user enrollment, provide better outcomes by:

- Reducing barriers for first-time users.

- Ensuring all employees can immediately benefit without prior action.

- Simplifying the overall user experience.

If enrollment is required, it should be simple and integrated into user workflows to ensure employees sign up quickly and effectively. For example, when the user logs in to their desktop computer, this is an ideal time to request the set-up of credentials.

If you have non-technical users, use easy-to-understand authentication methods. Passkeys and app-based authentication may be more complicated and require more support to enroll users than a one-time password sent to a secondary email address or a mobile phone.

Conclusion

Password resets represent a hidden yet significant cost to large organizations. Manual processes strain IT resources, disrupt productivity, and increase operational expenses. Self-service password reset software, like LogonBox SSPR, provides a scalable solution that reduces costs and improves the user experience.

However, organizations must approach implementation thoughtfully. Choosing a solution that prioritizes simplicity, security, and ease of use—and avoids cumbersome enrollment processes—will maximize the benefits. With the right strategy, SSPR can transform an organization's approach to password management, driving long-term efficiency and savings.
