Cheap password alternatives wanted!
Some people still think that passwords are secure, ignoring the facts that:
· At least 17% of people use passwords “123456” to ‘secure’ their accounts, while 50% use one of the top 25 most common passwords
· People use similar passwords for several websites
· People share passwords with others
· People keep passwords written down
· People tend to forget passwords, as the number of websites requiring passwords rises. This makes them recover passwords over and over again.
Resetting password involves large costs for FinTech companies or large enterprises, which usually use call centres/help desks or costly SMS -es to validate the identity of each user/ employee. But resetting passwords involves not only a cost in money but also in time and productivity. In average, each reset process takes up to 25 minutes out of employees’ time. This involves resets of passwords for the company’s clients and employees.
Customer password resets
A password reset request can be seen as a not very significant activity. However, password resets cost organisations energy, money and time. According to Gartner Group, between 20%-50% of customer support calls are for password resetting. Forrester Research says that at least $70 cost to the company to reset the password of its user. Taking into account the number of users on popular websites and how many times on average they need to reset their passwords makes a huge amount of money. For example, with the total number of employees of 500, 30% of help desk password reset calls, and $35 average cost per password call the annual password reset call amount will hit $110,250.
As an example, Forrester examines a large US-based public university, with over 300,000 total users (including students, faculty, and administrators). It was found that about 8,000 passwords resets per month were completed in 2014, and less than 50% could make the reset through self-service.
Moreover, there is the risk of cyber-attacks as a result of unprofessional password recovery management. If the organisation fails to correctly verify the user this can lead to a data breach. The problems, associated with data breaches are not only damage reputation of the companies, but also carry penalties under privacy regulations (e.g.: GDPR).
Employee password recovers
The average employee of an average company loses about 45 minutes of working time before he attempts to give a helpdesk call. This call happens about 1,2 times per year and takes about 5 minutes from the IT specialist. That makes 60 minutes (or 1 hour) of the working time for one of your employees. This figure obviously varies depending on the season (people returning from vacation are more likely to forget their passwords) and on the company security policy (some companies are stricter with passwords than others). Taking into account the number of employees in your company — you can estimate the loss of income to the company, because 200 employees * 1 hour of time lost results in 200 hours lost per year, while 1000 employees * 1 hour of time lost results in 1000 hours lost per year. In a US-based survey, a cost of $420 per employee, per year is lost to password management. In the same survey, almost 40% of the users reported having more than 50 password resets in a single year.
How PixelPin can help to save your company’s money?
We claim that PixelPin has significantly lower rates of password recovery (we see a very low rate of about 17% vs more than 33% of alpha-numeric passwords forgets) than alpha-numeric passwords. Following this, the company that integrates PixelPin does not longer experience serious financial losses caused by passwords resets. We associate the fact that alpha-numeric passwords have higher rates of resets with the fact that it is more difficult to remember them rather than images. According to the research, when someone receives textual information, they only remember 10% of it hours later, while in the case of information portrayed via images, this indicator increases to 65%. We have already discussed this issue in detail in our previous blog post, so do not hesitate to explore -> https://medium.com/@PixelPin/why-should-pictured-passwords-replace-textual-985bf98daee1