A password is both a blessing and a curse. The blessing is that it permits relatively secure authentication. The curse is that because the complex passwords required for secure login are often too hard to remember, even for those with good memories. A forgotten password is annoying for users. It also costs a lot of money. Read more to learn just how high the costs can be and how you can avoid them.

Company decision makers rarely spend enough time considering the potential costs of passwords. Two key figures make it simple to demonstrate that costs are incurred:

• What is the cost of an employee hour during operations?
• How long do how many employees spend on resetting passwords? In other words, how long are they prevented from doing their actual work?

Forgotten passwords cost time and money

For example, let’s look at what happens when a password for an SAP system is forgotten. Aside from the interruption to the overall workflow in a team when one employee cannot log in, that person must also “waste” time to reset or regain the password. Who is the contact person? What ticket must be opened? What information about the SAP system is needed and who is the contact person for this information? And, of course, the employee must wait for the ticket to be processed – more time! – before he or she can log in to the system again and get back to work.

Calculation of costs for forgotten passwords, e.g. for an SAP system

To make this even more clear, here is a sample calculation: A company has a headcount of 1000 people and five relevant SAP systems. On average, we assume that hourly wages (including overhead) amount to EUR 40. Every year and for each SAP system, we assume that every user must use the password reset process twice. (You can determine this value for your own systems with transaction SU01D.) The time invested for employees is a combination of the time necessary to create the ticket and the wait time before it is processed. For our purposes, we will assume about ten minutes. Additional costs arise through the time that the Service Desk needs to close the ticket. We’ll assume ten minutes for this as well. We already have ten minutes for the employee plus ten minutes for the Service Desk. Here, we would like to point out that the ticket itself typically incurs costs in the ticket system and triggers administrative processes in addition to requiring time. Based on our assumptions so far, our costs – time not spent working – have run up to EUR 200,000 for one year. Naturally, these are assumptions.

If you want to know how much a password reset costs in your company, you can enter your actual key figures into the following calculator:

Saving money with the self-service password reset solution

While our example calculation was relatively conservative, costs for resetting a password are fairly high. In practice, the values are likely even higher. The solution is in a self-service password reset solution like the SAST Password Selfservice. This reduces efforts and time that employees spend on the reset process, ideally to less than five minutes. Another advantage: Aside from the user, no employees at the Service Desk are involved, so no time is lost there. This means that we can easily eliminate about three-quarters of the costs. In our example, we would save EUR 150,000 each year. The ROI is thus a given within just a few months, even when you consider investment in the software and the efforts for SAP system setup.

Would you like to learn more about the password self-service offered by our SAST SUITE? Do you want to know more about securing your SAP systems? Check out our SAST SOLUTIONS website or send us an e-mail at sast@akquinet.de.

Patrick Boch, Product Manager SAST SOLUTIONS

Related articles in the SAST BLOG

“You can’t come in here… How you can easily prevent your SAP users from being inadvertently locked out.”