As employees return to work after the Christmas and New Year’s break, many will partake in the yearly tradition of resetting the passwords they forgot while they were off.
For employees, this means lost productivity. Instead of working, they’ll stare at their monitors and wait for IT to reset their passwords. The wait times could be particularly long this week and next as more employees head back to the office and realize they don’t remember their credentials.
Password resets also hinder the productivity of IT professionals. Their time is better spent on projects with a meaningful business impact. Dealing with forgotten passwords is low on the priority list. And password resets are expensive for businesses. An individual password reset costs companies $70, according to Okta. In the course of a year, password reset costs can run up to $1.9 million in an enterprise with 10,000 employees, based on Veridium’s calculations.
New decade, new authentication methods
The trouble with passwords (they’re easily forgotten, they’re expensive, they’re insecure) raises the question why enterprises continue to use them. After all, we’re in a new decade and a new year and have modern authentication methods that don’t use 1960s technology like passwords.
Take passwordless authentication. With this approach, people are never asked to create or use a password for any stage of the authentication process. Instead of passwords, people use their biometrics and smartphone to authenticate. If there’s no password, there’s nothing for employees to forget and reset when they turn of their laptop after the Christmas break.
This could be the decade when companies move away from using passwords, based on predictions from Gartner, which said that by 2022 “60 percent of large and global enterprises, and 90 percent of midsize enterprises, will implement passwordless methods in more than 50 percent of use cases.” And these organizations would be in good company: Microsoft is phasing out password authentication for employees and expects other businesses to do the same in the coming years.
Why go passwordless in 2020
Based on Veridium’s conversations with customers, some of the reasons organizations are going passwordless include:
Increased security: Going passwordless makes phishing attacks useless and eliminates the risk of attackers using stolen credentials to infiltrate a company. And using stolen biometrics in spoofing attacks is more difficult than using stolen passwords.
Better user experience: No one likes using passwords, especially after growing accustomed to using biometrics to authenticate into mobile apps and unlock smartphones. Familiar with the superior authentication experience passwordless offers, people now want it at work.
Enable digital transformation: Eliminating passwords fits with greater business initiatives around using innovative technology to stay competitive, increase employee efficiency and attract and retain customers.
Of course, eliminating phishing attacks, boosting employee productivity, staying innovative and providing a seamless authentication experience are benefits that apply year-round. But with companies dealing with a higher amount of password resets in the coming days, the start of 2020 is an ideal time to rethink authentication and look into passwordless.