The True Cost of Password Resets

The True Cost of Password Resets

User enrollment exposes a password manager’s true cost.

Recently, I found myself in a discussion about the true cost of a passwords reset. Ironically, I was in a position where I had to defend spending more as part of a strategy to lower Help Desk requests and operational costs. In comparing software to software, the conversation started a little topsy-turvy, because who doesn’t want to pay the lowest fee up front?

The problem begins by limiting your comparison to only the purchase price. As you’ve read in my other blogs warning against security vulnerabilities inherent in cheap password managers, the problem with paying less is you end up paying more for costs that could have been prevented with more forethought.

This blog reveals how to calculate the true organizational cost of password resets and recommends ways to ensure you receive the greatest value from your enterprise password management software.

Calculating the True Cost of Password Resets

The calculation of the true cost of password resets starts with the purchase amount for a password manager, but it doesn’t stop there. To uncover the true cost, you must also consider the value, which is determined by user enrollment and adoption.

Adding to the calculation, you must include the cost for Help Desk to fulfill password reset requests from those who do not use the system. And finally, time must be factored into the equation to show your return on investment.

Simply stated, the true cost of password resets can be represented as:

Password Manager Purchase Cost + Cost of Help Desk Password Resets = True Cost

To demonstrate the calculation of the true cost of password resets, I will use two case studies from our customers’ experience over a three-year period. For comparison, and to keep confidentiality, I will use the same number of users and cost for Help Desk password resets.

The first case study comes from a new customer. The calculation is based on the true cost they experienced with a competitor’s password manager.

Case Study 1

To Calculate the True Cost, consider the following:

Solution Purchase$15,000
Total Users3,000
User Adoption Percentage30%
User Adoption (use self-service)900

In this example, an organization paid $15,000 for their solution. Of their 3,000 users, 30%, or 900 used the system for self-service password resets.

For the calculation of the cost of Help Desk password resets, I will use $15 for both examples. If you know your actual organizational cost, plug in your numbers and follow along. As an alternative to my estimate, pick from one of the experts who estimate the Average Cost Per Password Reset Call:

Forrester Research$25
Gartner$22
HDI$17

After settling on a cost for a Help Desk password reset request, you need to determine the number of users who do not use your password manager’s self-service password reset feature. In the first example since data showed 900 users practiced self-service, 2,100 made Help Desk requests for password reset.

For both case studies, let’s assume one Help Desk request per user. If you know this number for your enterprise, plug it in. For those that do not know their actual number, run estimates from one to three for a low, medium and high range.

In the first case study, when you add Help Desk cost to the Solution Purchase, you get the True Cost to the organization:

Password Reset Requests2,100
Cost Per Password Reset Request$15
Total Help Desk Password Reset Costs$31,500
True Cost of Password Resets$46,500

As you can see, password resets cost the organization $46,500 or three times as much as the password management software.

Case Study 2

The second case study relates the experience of a long time customer that also happens to be one of the largest enterprises to deploy our software. For consistency and confidentiality, numbers are scaled to size.

To Calculate the True Cost in the second case study, consider the following:

Avatier Solution Purchase$24,000
Total Users3,000
User Adoption Percentage98%
User Adoption (use self-service)2,940

In the second example, an organization pays $24,000 for our solution. Of their 3,000 users, 98%, or 2,940 use the system for self-service password resets.

The second case study Help Desk Cost and True Cost are calculated as:

Password Reset Requests60
Cost Per Password Reset Request$15
Total Help Desk Password Reset Costs$900
True Cost of Password Resets$24,900

The second case study shows Avatier costs an organization about half as much as the cheaper solution. It represents how an organization can receive the optimum value from an enterprise password management solution.

Achieving 100% End User Enrollment and Adoption

For those of you who are still reading, you probably are waiting for my recommendations. To receive optimum value from your password manager, you must manage enrollment, offer options and automate ticketing. Aside from technology, you will likely require new processes, training and company-wide communication too. Both Help Desk and end users need to be made aware of the true cost of password resets.

The topic of optimization clearly deserves more attention. I also recognize I’m running long. For this reason, I’ll commit to covering best practices for achieving 100% end user enrollment in another blog. In the meantime, the surest way to learn more is to attend this year’s HDI Conference in Las Vegas. Our longtime customer, Halliburton, will present “Stop Paying Twice For Your Password Management Solution” at Session #510. During the session, you can learn the metrics, processes, procedures and technologies Halliburton leverages to achieve 98% user enrollment.

Top 10 Password Management Best Practices -- The proven working guide for successful implementation.Get Your Free Top 10 Password Management Best Practices Guide

Learn the Top 10 Password Management Best Practices for successful implementations from industry experts. Use this guide to sidestep the challenges that typically derail enterprise password management projects.

Request the Workbook

Written by Thomas Edgerton

Thomas Edgerton, Avatier's MVP award-winning Market Analyst and Performance Consultant in information technology, IT security, instructional technology and human factors, blogs on topics ranging from leadership to national security, innovation and deconstructing the future.​