A password is both a blessing and a curse. The blessing is that it permits relatively secure authentication. The curse is that because the complex passwords required for secure login are often too hard to remember, even for those with good memories. A forgotten password is annoying for users. It also costs a lot of money. Read more to learn just how high the costs can be and how you can avoid them.
Company decision makers rarely spend enough time considering the potential costs of passwords. Two key figures make it simple to demonstrate that costs are incurred:
- What is the cost of an employee hour during operations?
- How long do how many employees spend on resetting passwords? In other words, how long are they prevented from doing their actual work?
Forgotten passwords cost time and money
For example, let’s look at what happens when a password for an SAP system is forgotten. Aside from the interruption to the overall workflow in a team when one employee cannot log in, that person must also “waste” time to reset or regain the password. Who is the contact person? What ticket must be opened? What information about the SAP system is needed and who is the contact person for this information? And, of course, the employee must wait for the ticket to be processed – more time! – before he or she can log in to the system again and get back to work.
Calculation of costs for forgotten passwords, e.g. for an SAP system
To make this even more clear, here is a sample calculation: A company has a headcount of 1000 people and five relevant SAP systems. On average, we assume that hourly wages (including overhead) amount to EUR 40. Every year and for each SAP system, we assume that every user must use the password reset process twice. (You can determine this value for your own systems with transaction SU01D.) The time invested for employees is a combination of the time necessary to create the ticket and the wait time before it is processed. For our purposes, we will assume about ten minutes. Additional costs arise through the time that the Service Desk needs to close the ticket. We’ll assume ten minutes for this as well. We already have ten minutes for the employee plus ten minutes for the Service Desk. Here, we would like to point out that the ticket itself typically incurs costs in the ticket system and triggers administrative processes in addition to requiring time. Based on our assumptions so far, our costs – time not spent working – have run up to EUR 200,000 for one year. Naturally, these are assumptions.
If you want to know how much a password reset costs in your company, you can enter your actual key figures into the following calculator: