Moreover, a smartphone is a ubiquitous and low-friction way to implement passwordless authentication for both the enterprise and users.

What about passwordless cost for software-based authentication? Using passwordless authentication based on a smartphone is even more affordable, since no additional security device is required.

Moreover, the advantages of strong security, reliable authentication and protection from phishing, account takeovers and other issues more than make up for this small cost. But if it is built in, this cost is zero. If the module is not already built in, a separate device may be required. For instance, WebAuthn (FIDO2) authentication uses a secure hardware module or security key. One passwordless cost comes from the additional hardware that may be required for authentication.

What about passwordless costs? How do they compare to the costs of password-based authentication?

Passwordless Costs

In 2020, this figure was $3.86 million globally – not a small amount by any means. Additionally, passwords also increase the cost of mitigating a data breach.

So, if they have:

- 3000 users
- 10 help desk requests per employee per year at an average cost of €30 per request
- 254 working days
- 1 incident per year (requiring a password reset)

They will incur:

- Helpdesk cost for password resets: €900,000
- Annual cost of password data entry: €352,500
- Annual cost of time spent on password resets: €8,326
- Annual maintenance cost of Multi-factor Authentication (MFA): €169,920
- Annual cost of time spent on password resets after an incident: €210,000

For a total cost of €1,640,746.

That’s over 1 million Euros spent (wasted) on password-related expenses. IDEE’s Cost Calculator helps organisations simulate the costs of password-based authentication. This not only increases costs, but also affects productivity. They require constant handling and management by both users and IT Helpdesks.
In addition to weakening the security posture, passwords are also problematic in other ways.

So, for an organisation that:

- Identifies users at registration via email addresses
- Authenticates them via passwords
- Enforces a strong password policy
- Relies on the Helpdesk for Account Management

The security risk is very high. IDEE’s 2021 IAM Risk Calculator provides an easy way for organisations to calculate this risk, based on factors like authentication method used, additional controls implemented, etc. This risk to user and enterprise security is one of the biggest drawbacks of these systems.

With traditional systems that rely on “knowledge factors” like passwords, there’s no way for the user (or enterprise) to know if their memorable secret is safe from theft or compromise and, more importantly, if it has already been compromised. Authentication is based on “possession factors” like a hardware cryptographic device and “inherence factors” like fingerprints or facial scans. Passwordless authentication is a way to verify a user’s identity without requiring them to type a password.

But by how much? What is the passwordless cost? Is it lower or higher than password-based authentication cost?

Password-based Authentication: Risks and Costs

Passwordless authentication helps reduce these costs. Annually, this translates to total IT helpdesk staffing costs of $1 million. The average cost of a password reset request is $30-$70. For organisations with 15,000 employees, this represents a productivity loss of $5.2 million.

A recent whitepaper revealed that employees spend 11 hours a year resetting their passwords.